Chapter 1
Introduction

1.1 The OSI model

In 1979 the International Organization for Standardization (ISO) developed a model with the aim of structuring and standardising the world of data communication and networks. The ISO is the committee that developed the Open Systems Interconnection (OSI) reference model. The ISO's objective was a reference model whereby mutual communication between two systems, e.g. two computers, can take place: system A can communicate with system B, even when the two systems come from two different suppliers. Between these systems different networks can be present, public as well as private networks. A public network is a network that is accessible to everyone, provided that the conditions that apply to this network are complied with. A private network is mostly company-specific.

Figure 1.1: The OSI model

In accordance with the ISO OSI model (also called the 7-layer model), every layer contains a number of defined functions.
The OSI model consists of seven functional layers. It has been agreed for the reference model that the message to be sent by the sender runs through these seven layers, starting from layer 7 and descending to layer 1. In the OSI model every layer exchanges information with the corresponding layer on the other side of the connection. For the functioning of the communication protocols, every layer on the sending side adds a piece of information (a header) to the user data, apart from the application data that the final users of the connection send to each other. The header shows which data communication functions have to be carried out. The corresponding layer on the receiving side removes this information again. Only the physical layer does not add anything. The data link layer not only places additional information in front of the transmitted data but often also behind it: this trailer contains a check code for the detection of possible transport errors (see figure 1.2).

A limited enumeration of the different layers is given below:

PHYSICAL LAYER (layer 1)
This layer ensures the connection with the medium via which the information is sent between two points in the network: it provides the mechanical, electrical or optical means required to set up, maintain and break off the physical connection.

DATA LINK LAYER (layer 2)
The protocols of layer 2 specify how the frames eventually have to be sent over the network. Layer 2 maintains an error detection and correction mechanism in order to be sure that transmission errors are handled and that data are correctly received on the other side.

NETWORK LAYER (layer 3)
The addressing is configured on this level. The network layer ensures the transport of messages from one node to the next on the sender's route to the final receiver. This means that the network finds a route and avoids congestion within the network.

TRANSPORT LAYER (layer 4)
The transport layer is responsible for reliable transmission of data. It ensures a logical connection between both end systems of the network (a logical point-to-point connection), so that faultless data transport can be realised whereby the data is received in the correct order by the receiver.

SESSION LAYER (layer 5)
The control structure of the dialogue (session) between two applications over the network is provided for here, as well as the setting up and termination of such a session.

PRESENTATION LAYER (layer 6)
The protocols in layer 6 determine how data is represented: this is necessary as different computer systems represent numbers and characters in different ways. So, amongst other things, this layer ensures the conversion of character codes, e.g. from ASCII to EBCDIC.

APPLICATION LAYER (layer 7)
This layer provides services to applications that run for the benefit of network system users.

Figure 1.2: Protocol overhead in the OSI model

1.2 LAN

A local network (Local Area Network, LAN) has been developed to ensure communication between computers, work stations and peripherals in an area of very limited geographical size. The connected stations in a LAN are autonomous, meaning that primary and secondary stations do not exist: every station can set up, maintain and break off a connection with another station. Compared with public networks, the four bottom layers of the OSI model require a slightly different approach for a LAN. The 802 committee of the Institute of Electrical and Electronic Engineers (IEEE) has established a number of standards for LANs. Figure 1.3 shows how layers 1 and 2 of the OSI model are filled in by the IEEE802 standards. Standard IEEE802.1 can be consulted for the general concepts of LANs. Work groups active within the IEEE802 committee include:

• IEEE802.1: Bridging (networking) and Network Management

Figure 1.3: Location of the LAN standards within the OSI model

Chapter 2
Ethernet

2.1 Introduction

Ethernet is the basis of LAN networks. The current LAN market is characterised by a hitherto unknown degree of standardisation on Ethernet. Due to its huge market share, Ethernet, despite some disadvantages, scores over all alternative technologies. A short historical overview:

• 1980: Digital Equipment Corporation, Intel and Xerox release the first Ethernet specification, version 1.0, under the name Ethernet Blue Book or DIX standard. It defines thick Ethernet with 10Mbps CSMA/CD. The first Ethernet controllers, based on the DIX standard, are available from 1982. The second and final version of the DIX standard, version 2.0, is released in November 1982: Ethernet II.
• 1983: The Institute of Electrical and Electronic Engineers (IEEE) launches the first IEEE standard for Ethernet technology. It is developed by the 802.3 group of the IEEE802 committee under the name IEEE802.3 Carrier Sense Multiple Access with Collision Detection Access Method and Physical Layer Specifications. IEEE reworks some parts of the DIX standard, especially with regard to the definition of the frame format.
• 1985: IEEE802.3a, definition of thin Ethernet, cheapernet or 10Base2
• 1987: IEEE802.3d, Fiber Optic Inter Repeater Link (FOIRL): use of two fibre optic cables to extend the distance between 10Mbps repeaters up to 1000m
• 1987: IEEE802.3e, 1Mbps over twisted pair
• 1990: IEEE802.3i, release of the popular 10Base-T, 10Mbps over UTP category 3
• 1993: IEEE802.3j, 10Base-F: distances greater than 2 km over fibre optic
• 1995: IEEE802.3u, 100Base-T and 100Base-F
• 1997: IEEE802.3x, full-duplex Ethernet
• 1997: IEEE802.3y, 100Base-T2
• 1998: IEEE802.3z, 1000Base-X standard, generally known by the name Gigabit Ethernet

2.2.1 Implementations based on coax

The original Ethernet was designed around the concept of a bus topology. The first implementations of Ethernet were based on a thick yellow coax cable, thick Ethernet, also named 10Base5. Features of the original Ethernet:

• 10Mbps
• Baseband (basic band transmission)
• max. 500 metre segment length (the 5 in 10Base5: 5 x 100 metres)
• max. 100 transceivers per segment

Thick Ethernet coax cables have a marking every 2.5 metres in order to ensure correct positioning of the 10Base5 transceivers (or MAUs). These transceivers are used to connect stations to the network and can be positioned every 2.5 metres.

An important cabling detail that is required for most bus technologies is the terminating resistance (terminator): a small, cheap device that has to be mounted on all ends of the coax cables that form an Ethernet. A terminator consists of a resistance that connects the central core of the cable with the shielding: when an electrical signal reaches the terminator it is absorbed, which avoids reflections of the signal. For the correct functioning of a network the terminator is indispensable, as the end of a non-terminated cable reflects electrical signals just as a mirror reflects light. When a station sends a signal over a non-terminated cable, the signal is reflected by the cable end; when the reflection reaches the sending station, interference occurs, resulting in poor transmission quality.

The thick, rigid yellow coax was rapidly replaced by a black, more flexible coax, which resulted in the implementation of thin Ethernet (10Base2). The stations are connected by T-shaped BNC connectors, and a maximum segment length of about 200 metres can be used. This type of implementation has been superseded.

2.2.2 Implementations based on twisted pair

The major problem with coax is that only half-duplex communication is possible. The bus structure is also not ideal when problems occur. In order to break away from the bus topology, Ethernet has switched to a topology in which twisted pair can also be used: all stations are connected to one or more central hubs. In this way a star topology can be built. The network can easily be extended and checked, and error detection becomes easier. The maximum segment length between a participant and a hub is 100 metres. The variants based on twisted pair have evolved from 10Base-T (10Mbps) to 100Base-T (100Mbps) to 1000Base-T (1000Mbps).

Figure 2.1: The MAU for 10/100Base-T

The MAU developed for twisted pair is equipped with 4 data pins: 2 for sending and 2 for receiving. In principle any point-to-point communication is possible. Therefore every host has to be connected directly to a structure element: a hub or a switch. This is the basis for full-duplex Ethernet.

Fast Ethernet
The UTP cable, e.g. CAT5 (Class 5) UTP (Unshielded Twisted Pair), supports speeds up to 100Mbps. The cable consists of 8 wires, arranged in 4 pairs. The pairs can be identified by their colours: one wire of a pair is completely coloured and the other has the same colour interrupted by white. Only 2 of the 4 pairs are used in 10/100Base-T (pair 2: orange/white and orange, and pair 3: green/white and green). The IEEE specification for 10/100Base-T requires that one used pair is connected to pin 1 and pin 2 of the connector while the second pair is connected to pin 3 and pin 6. The two unused pairs are connected to pins 4 and 5 and to pins 7 and 8. Table 2.1 shows the pin configuration for 10/100Base-T; also see figure 2.2. TD stands for Transmitted Data, RD for Received Data. The plus and minus signs indicate that each signal is sent differentially, i.e. mirrored over the two wires of a pair.

Table 2.1: Pin configuration for Fast Ethernet

Pin  Colour             Function
1    green with white   +TD
2    green              -TD
3    orange with white  +RD
4    blue               unused
5    blue with white    unused
6    orange             -RD
7    brown with white   unused
8    brown              unused

Figure 2.2: Transmission technology for 10/100Base-T

Figure 2.3: Twisted pair cabling, 10/100Base-T

On one end of the cable, pair 3 (green) is connected to pins 1 and 2 and pair 2 (orange) to pins 3 and 6, as shown in table 2.1. The straight-through cable, also called patch cable, is the cable we get when both ends are wired the same way. This cable is generally used for the connection between a structure element and an end element, e.g. the PC and the hub/switch or the PC and the wall outlet. It can also be used for connections between the patch panel and the hub/switch. A cross-over cable is required to set up PC-to-PC connections (connection of two end elements) and for connections between a hub/switch and another hub/switch (connection of two structure elements). In order to make a cross-over cable, the used pairs are swapped on one end: the pair on pins 1 and 2 of one connector arrives on pins 3 and 6 of the other, so that the transmit pair of each side meets the receive pair of the other. Current Ethernet ports support autocrossing (Auto-MDI/MDIX): the port detects which type of cable is used and corrects the crossing internally if necessary.

The IEEE has defined 100Base-T, Fast Ethernet, as an extension of 10Base-T. Fast Ethernet is characterised by:

• Data transmission at a speed of 100Mbps
• Full-duplex communication
• Wireless Ethernet

In Fast Ethernet a mechanism is provided for auto-negotiation: this makes it possible to build Ethernet interfaces that switch automatically between 10Mbps and 100Mbps. Furthermore, a single data bit is no longer converted into exactly one signal on the cable. For the 10Base-T standard every data bit is coded as one physical bit: for every clock pulse one bit is sent, and the 10Mbps data rate means a clock rate of 10MHz. 100Base-T uses the so-called 4B/5B scheme, whereby each group of four data bits is coded as a 5-bit code group, so that for a group of eight data bits ten signals are generated on the cable:

Data stream:    0111010000100000
4-bit pattern:  0111  0100  0010  0000
5-bit code:     01111 01010 10100 11110

The applied clock rate is therefore 125MHz (5/4 x 100). Cat5 cabling can carry this 125MHz symbol rate.

Gigabit Ethernet
Gigabit Ethernet targets a data rate of 1000Mbps. If CAT5 Ethernet cables have to be used for this, then this causes a problem, as they only support a symbol rate up to 125MHz. In order to realise the higher data rate, the technology had to be adapted. First, 1000Base-T uses all four pairs of the Ethernet cable, and it uses them bi-directionally: data are sent and received via all four pairs at the same time. Table 2.2 shows the Gigabit Ethernet pin configuration; BI stands for bi-directional, DA, DB, DC and DD stand for data A, data B, data C and data D. Second, 1000Base-T codes two bits per clock pulse (00, 01, 10 and 11) and uses four voltage levels for this; a fifth voltage level is used for the error correction mechanism. This modulation technology is called 4D-PAM5 (five voltage levels on four pairs). Gigabit Ethernet therefore still uses the 100Base-T/Cat5 clock rate of 125MHz: a data rate of 1000Mbps is reached because 2 bits are processed for every clock pulse on each of the four pairs (4 x 2 x 125 = 1000).
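The 4B/5B coding applied to the data stream above, as a small encoder/decoder. This is an added example and not code from the course text; the code table and control symbols are those of the FDDI/100Base-X 4B/5B scheme, and the scrambling and MLT-3 line coding that 100Base-TX applies afterwards are deliberately left out.

```python
"""4B/5B block coding as used by 100Base-TX.

Added example, not from the course text.  Each 4-bit data nibble is replaced
by a 5-bit code group from a fixed table chosen so that no code group starts
with more than one zero or ends with more than two zeros: the line then always
carries enough transitions for clock recovery.  The 16 data code groups and the
control symbols are those of the FDDI/100Base-X 4B/5B table; scrambling and
MLT-3 line coding, which 100Base-TX applies afterwards, are left out.
"""

# 4-bit data value -> 5-bit code group
FOUR_B_FIVE_B = {
    0x0: "11110", 0x1: "01001", 0x2: "10100", 0x3: "10101",
    0x4: "01010", 0x5: "01011", 0x6: "01110", 0x7: "01111",
    0x8: "10010", 0x9: "10011", 0xA: "10110", 0xB: "10111",
    0xC: "11010", 0xD: "11011", 0xE: "11100", 0xF: "11101",
}
FIVE_B_FOUR_B = {code: value for value, code in FOUR_B_FIVE_B.items()}

# Code groups that are valid on the line but carry no data (idle, start/end of stream ...).
CONTROL_SYMBOLS = {
    "11111": "I", "11000": "J", "10001": "K", "01101": "T",
    "00111": "R", "11001": "S", "00100": "H",
}


def encode_4b5b(bits: str) -> str:
    """Encode a data bit string (length a multiple of 4) into 5B code groups."""
    if len(bits) % 4 or set(bits) - {"0", "1"}:
        raise ValueError("data must be a bit string whose length is a multiple of 4")
    return "".join(FOUR_B_FIVE_B[int(bits[i:i + 4], 2)] for i in range(0, len(bits), 4))


def decode_4b5b(line_bits: str) -> str:
    """Decode 5B code groups back to data bits; control and invalid groups are errors."""
    if len(line_bits) % 5:
        raise ValueError("line bit string length must be a multiple of 5")
    out = []
    for i in range(0, len(line_bits), 5):
        group = line_bits[i:i + 5]
        if group in CONTROL_SYMBOLS:
            raise ValueError(f"control symbol {CONTROL_SYMBOLS[group]} inside data")
        if group not in FIVE_B_FOUR_B:
            raise ValueError(f"invalid code group {group}")
        out.append(format(FIVE_B_FOUR_B[group], "04b"))
    return "".join(out)


def longest_zero_run(line_bits: str) -> int:
    """Longest run of consecutive zeros; 4B/5B keeps it short so the receiver stays in sync."""
    return max(len(run) for run in line_bits.split("1"))


def symbol_rate_mbaud(data_rate_mbps: float) -> float:
    """Line symbol rate implied by 4B/5B: five code bits for every four data bits."""
    return data_rate_mbps * 5 / 4


if __name__ == "__main__":
    stream = "0111010000100000"       # the data stream used in the text above
    line = encode_4b5b(stream)
    print(stream, "->", " ".join(line[i:i + 5] for i in range(0, len(line), 5)))
    print("decodes back correctly:", decode_4b5b(line) == stream)
    print("longest zero run on the line:", longest_zero_run(line))
    print("100 Mbps of data needs", symbol_rate_mbaud(100), "Mbaud on the cable")
```

The decoder refuses control symbols and the unused 5-bit patterns inside a data block; a receiver seeing those mid-frame has lost synchronisation or is looking at a damaged frame, and should discard it rather than guess.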

2.2.3 Implementations based on fibre

In order to make longer segment distances possible, glass fibre cable was integrated as a suitable medium. The first fibre variants are known by the names 10Base-F and 100Base-F. Separate fibres are always used for sending and receiving data. Gigabit Ethernet over fibre has been developed for full-duplex mode with a data rate of 1000Mbps. There are two variants of Gigabit Ethernet over fibre, 1000Base-SX and 1000Base-LX. 1000Base-SX uses light pulses of short wavelength over multimode fibre. 1000Base-LX uses light pulses of long wavelength over multimode or single-mode fibre. Recently 10Gigabit Ethernet over fibre, in several variants, has also been added.

Table 2.2: Pin configuration for Gigabit Ethernet

Pin  Colour             Function
1    green with white   +BI_DA
2    green              -BI_DA
3    orange with white  +BI_DB
4    blue               +BI_DC
5    blue with white    -BI_DC
6    orange             -BI_DB
7    brown with white   +BI_DD
8    brown              -BI_DD

2.2.4 Wireless LAN

IEEE802.11
The IEEE defines different standards for wireless LAN in its IEEE802.11 description. With regard to the physical implementation, IEEE802.11 provides the infrastructure configuration and the ad hoc configuration. A wireless LAN uses so-called spread spectrum technology, which is specifically meant for fault-prone transmission channels. The radio connections for a wireless LAN take place in the 2.4GHz frequency band, the so-called ISM band (Industrial, Scientific and Medical), or in the 5GHz band. No licences are required for these bands. This is important, as these frequency bands (especially the 2.4GHz band) are also used by many other devices, e.g. Bluetooth. A wireless network is in general much slower than a fixed wired network; its major advantage is flexibility.

Figure 2.4: Physical implementation of WLAN

The infrastructure configuration is the configuration in which a wireless access point is used to connect a wireless LAN to a cabled LAN. The wireless access point functions as the central point through which all wireless data traffic is relayed. Wireless-enabled computers that take part in an infrastructure network form a group that is called a Basic Service Set (BSS). At any one moment a maximum of 64 individual computers can be included in a BSS, because the capacity of the wireless access point is limited to 64 clients. The complete wireless network has a unique SSID (Service Set Identifier), which is also its network name. This name only applies to the wireless network.

Ad hoc or peer-to-peer refers to a wireless configuration in which every participant communicates directly with the others. An ad hoc wireless LAN consists of a group of devices, each equipped with a wireless adaptor, that are directly connected to each other and form an independent wireless LAN in this way. A central organisation of the network is therefore not possible here.

WLAN standards
Different standards are defined within IEEE802.11. These standards use different modulation technologies in order to obtain improved transmission speeds. Table 2.3 gives an overview of the different standards.

Table 2.3: WLAN standards within the IEEE802.11

Standard     Frequency band      Data transmission
IEEE802.11b  2.4GHz              11Mbps
IEEE802.11a  5GHz                54Mbps
IEEE802.11h  5GHz                54Mbps
IEEE802.11g  2.4GHz              54Mbps
IEEE802.11n  5GHz and/or 2.4GHz  600Mbps

Figure 2.5: The 2.4GHz band for WLAN

IEEE802.11b/g
IEEE802.11b supports a maximum speed of 11Mbps. IEEE802.11g supports a maximum speed of 54Mbps. The speed is decreased dynamically in case of a bad connection or a great distance to the access point. IEEE802.11b/g uses a 72MHz wide part of the 2.4GHz band. In accordance with the FCC rules, 11 channels of 22MHz bandwidth are defined here. Taken at face value this would require 242MHz of spectrum (11 x 22MHz), far more than is available, so in reality these channels overlap for a large part. Figure 2.5 shows that there are only three non-overlapping channels: channel 1, channel 6 and channel 11. The ETSI defines a slightly wider frequency band for Europe, with 13 channels of 22MHz bandwidth. This means that, in principle, 4 barely overlapping channels can be used in Europe: channels 1, 5, 9 and 13.

IEEE802.11a/h
With the application of OFDM (Orthogonal Frequency Division Multiplexing), the maximum (theoretical) speed of 54Mbps is reached with IEEE802.11a. IEEE802.11a uses the complete 5GHz band. Figure 2.6 shows the different channels within the 5GHz band. Within Europe this means that 8 non-overlapping channels of 20MHz width can be used over the two lowest bands of the 5GHz UNII band.
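The channel arithmetic behind the 1/6/11 and 1/5/9/13 plans, worked out in code. This is an added example, not part of the course text; it assumes the usual 2.4GHz channel grid (centre of channel n at 2407 + 5n MHz) and a 22MHz DSSS channel width, and it shows in general how to pick a channel plan for any number of channels and any tolerated overlap.

```python
"""Channel overlap in the 2.4 GHz WLAN band.

Added example, not from the course text.  802.11b/g channel n has its centre at
2407 + 5*n MHz (channel 1 = 2412 MHz, channel 13 = 2472 MHz) and a DSSS channel
occupies about 22 MHz.  Because the centres are only 5 MHz apart, neighbouring
channels share most of their spectrum; this computes which channels actually
overlap and picks a plan of channels that stay clear of each other, optionally
tolerating a few MHz of overlap as the European 1/5/9/13 plan does.
"""
from typing import List, Tuple

CHANNEL_WIDTH_MHZ = 22


def centre_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz channel (channels 1..13 are considered here)."""
    if not 1 <= channel <= 13:
        raise ValueError("only channels 1-13 are handled")
    return 2407 + 5 * channel


def overlap_mhz(a: int, b: int) -> int:
    """How many MHz two channels share; 0 when they do not overlap at all."""
    return max(0, CHANNEL_WIDTH_MHZ - abs(centre_mhz(a) - centre_mhz(b)))


def band_span_mhz(channels: int) -> Tuple[int, int]:
    """Lowest and highest frequency occupied by channels 1..channels together."""
    half = CHANNEL_WIDTH_MHZ // 2
    return centre_mhz(1) - half, centre_mhz(channels) + half


def channel_plan(channels: int, tolerated_overlap_mhz: int = 0) -> List[int]:
    """Greedy plan: walk up the band and keep every channel that overlaps each
    channel already chosen by no more than the tolerated amount."""
    chosen: List[int] = []
    for ch in range(1, channels + 1):
        if all(overlap_mhz(ch, c) <= tolerated_overlap_mhz for c in chosen):
            chosen.append(ch)
    return chosen


if __name__ == "__main__":
    lo, hi = band_span_mhz(11)
    print(f"FCC: channels 1-11 occupy {lo}-{hi} MHz ({hi - lo} MHz in total), "
          f"while 11 x {CHANNEL_WIDTH_MHZ} MHz side by side would need {11 * CHANNEL_WIDTH_MHZ} MHz")
    print("adjacent channels 1 and 2 share", overlap_mhz(1, 2), "MHz")
    print("FCC plan, no overlap:           ", channel_plan(11))
    print("ETSI plan, no overlap:          ", channel_plan(13))
    print("ETSI plan, up to 2 MHz overlap: ", channel_plan(13, 2))
```

The same greedy routine reproduces both plans from the text: with no overlap allowed only 1, 6 and 11 survive even with 13 channels, and allowing 2MHz of overlap (the 1/5/9/13 plan has centres exactly 20MHz apart) yields the four European channels.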

Figure 2.6: The 5GHz band for WLAN

As opposed to the USA, the use of the 5GHz band in Europe has quite a few restrictions. Therefore IEEE802.11a was adapted into IEEE802.11h. Two important mechanisms were added in order to comply with the European regulations:

• DCS (Dynamic Channel Selection, called Dynamic Frequency Selection, DFS, in the standard): the AP automatically looks for another channel if it appears that the channel is used by another application.
• TPC (Transmit Power Control): only the required power is transmitted, e.g. if two participants are in close vicinity, then the AP adapts the transmit power to the required level.

IEEE802.11n
This recent standard uses MIMO (multiple input, multiple output), a technique to transmit data wirelessly by means of several receive and transmit antennas. A transmission speed of at most 600Mbps is obtained when four spatial streams are used in a 40MHz wide channel.

2.2.5 Bluetooth

The basic technology (the two bottom layers of the OSI model) is standardised in IEEE802.15.1; the Bluetooth SIG (Special Interest Group) defines different application profiles, e.g. for serial communication and for the transmission of Ethernet data frames. Bluetooth uses the 2.4GHz licence-free ISM band. As opposed to WLAN, the data to be sent are not spread out over a wider frequency band; instead FHSS (Frequency Hopping Spread Spectrum) is applied. The 2.4GHz band is divided into 79 channels of 1MHz. Every data frame is sent on another frequency, and 1600 hops per second can be carried out. This means that different logical channels can be active in parallel. Figure 2.7 shows the functioning of FHSS.

Figure 2.7: FHSS technology

A great advantage of the use of Bluetooth in industry is its good co-existence with WLAN. A WLAN channel occupies a static frequency band. If there is interference on a Bluetooth frequency because a WLAN channel is active on the same frequency, Bluetooth can avoid this frequency or these frequencies. As this is a frequently occurring issue, Bluetooth has an integrated automatic co-existence mechanism: Adaptive Frequency Hopping (AFH). This mechanism enables Bluetooth to remove certain 'bad' frequencies temporarily from the hopping list, so that Bluetooth can adapt and choose from an adequate number of remaining frequencies to avoid interference. Figure 2.8 shows how there is still enough space in a fully used 2.4GHz band in which three separate WLAN channels are active.

Figure 2.8: Co-existence of Bluetooth and WLAN
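How the AFH channel mask is derived from the WLAN channels in use, worked out in code. This is an added example and not part of the course text. It assumes the Bluetooth channel grid (channel k at 2402 + k MHz), the 2.4GHz WLAN grid (centre of channel n at 2407 + 5n MHz) and, as a modelling assumption, that a WLAN channel blocks a fixed 22MHz block; the hop sequence uses a seeded pseudo-random generator in place of the real, clock-driven Bluetooth hop kernel.

```python
"""Adaptive Frequency Hopping: masking Bluetooth channels that collide with WLAN.

Added example, not from the course text.  Bluetooth uses 79 RF channels of
1 MHz, channel k at 2402 + k MHz (k = 0..78).  With AFH the master marks
channels as unused so that the hop sequence skips them; the Bluetooth
specification requires at least 20 channels to stay in use.  A WLAN channel is
modelled here, as an assumption, as a fixed block of 22 MHz around its centre
frequency 2407 + 5 * n MHz.
"""
import random
from typing import List, Set

BT_CHANNELS = 79
BT_BASE_MHZ = 2402
AFH_MIN_USED_CHANNELS = 20
WLAN_WIDTH_MHZ = 22
HOPS_PER_SECOND = 1600


def bt_channel_mhz(k: int) -> int:
    return BT_BASE_MHZ + k


def wlan_centre_mhz(channel: int) -> int:
    return 2407 + 5 * channel


def blocked_channels(wlan_channels: List[int], width_mhz: int = WLAN_WIDTH_MHZ) -> Set[int]:
    """Bluetooth channels whose 1 MHz slot overlaps any of the given WLAN channels."""
    blocked: Set[int] = set()
    for wc in wlan_channels:
        lo = wlan_centre_mhz(wc) - width_mhz / 2
        hi = wlan_centre_mhz(wc) + width_mhz / 2
        for k in range(BT_CHANNELS):
            f = bt_channel_mhz(k)
            if f - 0.5 < hi and f + 0.5 > lo:
                blocked.add(k)
    return blocked


def afh_channel_map(wlan_channels: List[int], width_mhz: int = WLAN_WIDTH_MHZ) -> bytes:
    """The 79-bit AFH channel map (10 bytes, bit k = channel k, LSB first): 1 = used, 0 = unused."""
    blocked = blocked_channels(wlan_channels, width_mhz)
    used = [k for k in range(BT_CHANNELS) if k not in blocked]
    if len(used) < AFH_MIN_USED_CHANNELS:
        raise ValueError(f"only {len(used)} channels left, AFH needs at least {AFH_MIN_USED_CHANNELS}")
    bits = 0
    for k in used:
        bits |= 1 << k
    return bits.to_bytes(10, "little")


def used_channels(channel_map: bytes) -> List[int]:
    bits = int.from_bytes(channel_map, "little")
    return [k for k in range(BT_CHANNELS) if bits >> k & 1]


def hop_sequence(channel_map: bytes, hops: int, seed: int = 1) -> List[int]:
    """Illustrative hop sequence over the used channels.  A seeded PRNG stands in
    for the real Bluetooth hop selection kernel, which is driven by the master's
    clock and address; what matters here is that masked channels never appear."""
    rng = random.Random(seed)
    used = used_channels(channel_map)
    return [rng.choice(used) for _ in range(hops)]


if __name__ == "__main__":
    wlan = [6]                                     # one WLAN network on channel 6
    cmap = afh_channel_map(wlan)
    blocked = blocked_channels(wlan)
    print(f"WLAN channel 6 blocks {len(blocked)} Bluetooth channels "
          f"({bt_channel_mhz(min(blocked))}-{bt_channel_mhz(max(blocked))} MHz)")
    print("channels still in the hop set:", len(used_channels(cmap)))
    one_second = hop_sequence(cmap, HOPS_PER_SECOND)
    print("hops in one second that landed on a blocked channel:",
          sum(1 for h in one_second if h in blocked))
```

The width parameter is what decides how much room remains: the wider the blocks assumed for the WLAN channels, the fewer Bluetooth channels survive, and `afh_channel_map` refuses to build a map that would leave fewer than the 20 channels the specification demands.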

2.3 The data link layer

2.3.1 Introduction

Packet switching is used to send messages. In computer networks an arbitrary quantity of data is not transported as one uninterrupted stream. Instead the network system divides the data into small blocks, packets, that are sent separately. Computer networks are therefore also called packet switching networks. Packet switching is mostly applied for computer-to-computer communication.

Figure 2.9: Packet switching

There are two reasons to choose packets:

• Sender and receiver have to coordinate the transmission. In case of transmission errors a lot of data may be lost. If the data is divided into smaller blocks, then it is easier for sender and receiver to determine which blocks arrived intact and which did not.
• Several computers make common use of the underlying links and hardware. A network has to ensure that all computers have equal, direct access to a shared communication facility. A computer cannot occupy a shared resource for longer than it takes to send one packet.

2.3.2 MAC address

On a common transmission medium of a LAN every station has to have a unique address. Every participant has an Ethernet address, a physical address that is unique to the network card: the MAC address (Medium Access Control address). Every manufacturer of network cards gives each card a unique address that is stored in the ROM of the card.

Figure 2.10: The MAC address

The MAC address consists of 48 bits (6 bytes) and is divided into two groups of three bytes. The highest 24 bits form a manufacturer number (OUI), nowadays issued by the IEEE; Xerox administered these numbers in the early days of Ethernet. Phoenix Contact, for example, has been assigned manufacturer number 00A045h. Two bits of the first byte are reserved as flags (individual/group address and universally/locally administered address), so there are 4194302 possible manufacturer numbers. The lowest 24 bits form a serial number assigned by the manufacturer. Every MAC address has to be unique. The MAC broadcast address is FF FF FF FF FF FF.

2.3.3 The Ethernet data frame

An Ethernet frame consists of at least 46 actual data bytes and a constant number of 26 protocol bytes (overhead). This minimum number of data bytes is necessary because of the slot time (see section 2.3.4).

Figure 2.11: Structure of an Ethernet data frame

The following fields are defined in an Ethernet data frame:

• Preamble: a series of 56 bits alternating 1 and 0. These bits are used for synchronisation and give each participant time to observe the activity on the bus before the actual data arrives.
• SFD: the start of frame delimiter (10101011), the last byte of the preamble, indicates to the receiver that the actual data is on its way.
• DA: the destination address. This field takes 6 bytes. The destination MAC address identifies the station or stations that have to receive the message; it can be an individual, a multicast or a broadcast address.
• SA: the source address. This field is 6 bytes long. The source MAC address identifies the station from which the message originates.

• TYPE: for the type field a distinction is drawn between Ethernet II (DIX standard) and IEEE802.3. For Ethernet II the type field refers to the higher-level protocol that uses the Ethernet frame to send its data; a 2-byte code is assigned to every protocol developed for Ethernet. Some examples:

  0600h  XNS
  0800h  IP (Internet Protocol)
  0806h  ARP
  8035h  Reverse ARP
  8100h  IEEE802.1q tagged frame (VLAN)

  IEEE802.3 defines the TYPE field as a LENGTH field in order to carry the number of actual data bytes. Type numbers start at 0600h (1536), and as the maximum length of the data field is 1500, no overlap is possible and both definitions can be used side by side.
• DATA: the data field contains the data to be sent. This field is transparent, which means that its content is completely free for Ethernet. Only the length has to be at least 46 bytes and not more than 1500 bytes.
• PAD: the padding bytes are arbitrary bytes that, if necessary, are added to the data in order to reach the minimum required 46 bytes.
• FCS: the frame check sequence is a 4-byte CRC value that the sender calculates over the frame and sends along. The receiver can check the integrity of the received frame with this code.

2.3.4 CSMA/CD

Ethernet uses the CSMA/CD (Carrier Sense Multiple Access / Collision Detect) protocol. With CSMA/CD two or more stations can use a common transmission medium. In order to send a data frame, a station has to wait for an 'idle period', when the bus is inactive and no participant is sending data. It then sends its message, which is heard by all other participants. If a second participant is sending a message at the same time, a collision will be detected. The participant that detects the collision first sends a jam signal, so that all participants notice the collision.

Figure 2.12: Collisions on an Ethernet segment
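The MAC address flags and the frame layout from the two sections above, put to work: building a minimum-size frame, deciding whether the two bytes after the source address are a type or a length, and checking the FCS. This is an added example, not code from the course text. It assumes that preamble and SFD are already stripped (as a network card does), that the FCS is the standard CRC-32 that `zlib.crc32` computes, stored least-significant byte first, and it uses a constructed station address built on the Phoenix Contact manufacturer number quoted in the text.

```python
"""Building and checking an Ethernet frame.

Added example, not from the course text.  The frame is assembled as the field
list above describes it: destination address, source address, type (or length),
data, padding up to the 46-byte minimum and a 4-byte frame check sequence.
Preamble and SFD are not included because the network card strips them before
the frame reaches software.  The FCS is the IEEE 802.3 CRC-32, the same CRC that
zlib.crc32 computes; it is stored least-significant byte first here (an
assumption about how a capture presents it, the bit order on the wire is the
card's business).  The sample address uses the Phoenix Contact manufacturer
number from the text with a constructed serial number.
"""
import struct
import zlib
from dataclasses import dataclass

MIN_DATA = 46
MAX_DATA = 1500
ETHERTYPE_MIN = 0x0600                   # smallest value that is a type rather than a length
BROADCAST = bytes.fromhex("ffffffffffff")
ETHERTYPES = {0x0600: "XNS", 0x0800: "IP", 0x0806: "ARP", 0x8035: "RARP", 0x8100: "802.1Q"}


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def oui(mac: bytes) -> int:
    """Manufacturer number: the high 24 bits of the address."""
    return int.from_bytes(mac[:3], "big")


def is_multicast(mac: bytes) -> bool:
    """Individual/Group flag, the lowest bit of the first byte; set for multicast and broadcast."""
    return bool(mac[0] & 0x01)


def is_locally_administered(mac: bytes) -> bool:
    """Universal/Local flag, the second-lowest bit of the first byte."""
    return bool(mac[0] & 0x02)


def build_frame(dst: bytes, src: bytes, type_or_length: int, data: bytes) -> bytes:
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses are 6 bytes")
    if is_multicast(src):
        raise ValueError("the source address must be an individual address")
    if len(data) > MAX_DATA:
        raise ValueError("data field exceeds 1500 bytes")
    pad = bytes(max(0, MIN_DATA - len(data)))            # PAD: arbitrary bytes, zeros here
    body = dst + src + struct.pack("!H", type_or_length) + data + pad
    return body + zlib.crc32(body).to_bytes(4, "little")


@dataclass
class Frame:
    dst: bytes
    src: bytes
    type_or_length: int
    payload: bytes           # data plus any padding
    fcs_ok: bool

    @property
    def is_ethernet_ii(self) -> bool:
        return self.type_or_length >= ETHERTYPE_MIN

    @property
    def data(self) -> bytes:
        if self.is_ethernet_ii:
            return self.payload                          # Ethernet II cannot tell padding from data
        return self.payload[: self.type_or_length]       # IEEE 802.3: the field is the data length


def parse_frame(raw: bytes) -> Frame:
    if len(raw) < 6 + 6 + 2 + MIN_DATA + 4:
        raise ValueError("shorter than the 64-byte minimum: collision fragment")
    body, fcs = raw[:-4], int.from_bytes(raw[-4:], "little")
    dst, src = body[0:6], body[6:12]
    (tl,) = struct.unpack("!H", body[12:14])
    if MAX_DATA < tl < ETHERTYPE_MIN:
        raise ValueError(f"type/length value {tl:#06x} is neither a valid length nor a type")
    return Frame(dst, src, tl, body[14:], zlib.crc32(body) == fcs)


if __name__ == "__main__":
    station = bytes.fromhex("00a045000001")            # Phoenix Contact OUI, constructed serial
    frame = build_frame(BROADCAST, station, 0x0806, b"ARP request (constructed payload)")
    print(len(frame), "bytes from DA to FCS")         # 64: the minimum frame
    f = parse_frame(frame)
    print(mac_str(f.src), f"OUI {oui(f.src):06X}", ETHERTYPES.get(f.type_or_length), "FCS ok:", f.fcs_ok)
    damaged = frame[:20] + bytes([frame[20] ^ 0x01]) + frame[21:]
    print("single flipped bit caught by the FCS:", not parse_frame(damaged).fcs_ok)
```

Two things worth keeping in mind when reading captures: an Ethernet II receiver cannot separate padding from data (the higher-layer protocol has to carry its own length), and the FCS only catches accidental corruption. Any station can compute it, so it gives no protection against a deliberately altered frame or a forged source address.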


A collision domain is a multi-segment configuration in accordance with the CSMA/CD protocol whereby a collision occurs when two participants on the segments send a data frame at the same time.

Figure 2.13: CSMA/CD ﬂow

Figure 2.13 shows the CSMA/CD flow. A participant that wants to send data first checks the network for a carrier, i.e. the presence of a station that is sending data. If an active carrier is detected, the sending is deferred. If no active carrier is detected for a period that is equal to or greater than the interframe gap, then the station can start sending the message. During the sending of the message the participant continues to check the medium for collisions; a network interface therefore has to send data and monitor the medium at the same time. If a collision occurs, the participant stops sending the frame immediately and sends a 32-bit jam sequence. If the collision is detected early, during the preamble, the preamble is completed before the jam sequence is sent. The jam sequence is necessary to make sure that the collision lasts long enough for all participants to observe it. After sending the jam sequence, the participant has to wait a random period of time before making a new attempt: this process is called backoff. A few important additional definitions:

• Interframe gap: Ethernet participants have to observe a minimum period without activity ('idle period') between the sending of two frames. The minimum interframe gap is 96 bit times (9.6µs for 10Mbps Ethernet, 960ns for 100Mbps Ethernet and 96ns for Gigabit Ethernet).

• Slot time: this parameter is defined as 512 bit times for the 10Mbps and the 100Mbps versions, and 4096 bit times for Gigabit Ethernet. The transmission time of a complete data frame should be at least one slot time, and the time required for all participants to observe a collision may not be more than one slot time. The slot time is an important Ethernet parameter:
  – it determines the minimum length of a data frame (64 bytes for 10Mbps and 100Mbps); every frame shorter than 64 bytes is considered a collision fragment;
  – it determines the maximum length of a collision domain, in order to avoid late collisions;
  – it ensures that if a collision takes place, it happens within the first 512 bit times of the frame transmission.
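The CSMA/CD parameters above (bit time, interframe gap, slot time, minimum frame) and the backoff step of the flow, in code. This is an added example, not part of the course text; the backoff algorithm is the truncated binary exponential backoff that IEEE 802.3 prescribes, and the signal speed used for the collision-domain estimate is an assumption.

```python
"""CSMA/CD timing parameters and the backoff procedure.

Added example, not from the course text.  Times are kept in bit times, so the
figures hold for 10 and 100 Mbps Ethernet alike; only the duration of one bit
time changes.  The backoff is the truncated binary exponential backoff that
IEEE 802.3 prescribes: after the n-th collision of a frame a station waits a
random whole number of slot times in the range 0 .. 2**min(n, 10) - 1, and the
frame is discarded after 16 attempts.  The signal speed used for the collision
domain estimate is an assumption (roughly two thirds of the speed of light).
"""
import random
from typing import Tuple

IFG_BIT_TIMES = 96
JAM_BITS = 32
MIN_FRAME_BYTES = 64            # 512 bit times from DA to FCS
MAX_ATTEMPTS = 16
BACKOFF_LIMIT = 10


def slot_bit_times(rate_bps: float) -> int:
    """512 bit times up to 100 Mbps; Gigabit Ethernet uses 4096 (carrier extension)."""
    return 4096 if rate_bps >= 1e9 else 512


def bit_time_ns(rate_bps: float) -> float:
    return 1e9 / rate_bps


def slot_time_us(rate_bps: float) -> float:
    return slot_bit_times(rate_bps) * bit_time_ns(rate_bps) / 1000


def interframe_gap_us(rate_bps: float) -> float:
    return IFG_BIT_TIMES * bit_time_ns(rate_bps) / 1000


def max_collision_domain_m(rate_bps: float, signal_m_per_us: float = 200.0) -> float:
    """Upper bound on the end-to-end distance from propagation alone: the sender
    must still be transmitting when the collision comes back, so the round trip
    may take at most one slot time.  Repeater and transceiver delays, which eat
    a large part of the budget in practice, are ignored."""
    return slot_time_us(rate_bps) * signal_m_per_us / 2


def is_collision_fragment(frame_bytes: int) -> bool:
    return frame_bytes < MIN_FRAME_BYTES


def backoff_slots(attempt: int, rng: random.Random) -> int:
    """Slot times to wait after the attempt-th collision of the same frame (attempt >= 1)."""
    if attempt > MAX_ATTEMPTS:
        raise RuntimeError("excessive collisions: frame discarded")
    return rng.randrange(2 ** min(attempt, BACKOFF_LIMIT))


def resolve_collision(rng: random.Random) -> Tuple[int, int, int]:
    """Two stations collided; both back off until they pick different slots.
    Returns (attempts needed, slots chosen by station A, slots chosen by B)."""
    attempt = 0
    while True:
        attempt += 1
        a, b = backoff_slots(attempt, rng), backoff_slots(attempt, rng)
        if a != b:
            return attempt, a, b


if __name__ == "__main__":
    for rate in (10e6, 100e6, 1e9):
        print(f"{rate / 1e6:>5.0f} Mbps: bit time {bit_time_ns(rate):6.1f} ns, "
              f"slot {slot_time_us(rate):6.3f} us, IFG {interframe_gap_us(rate):5.3f} us")
    print("propagation-only bound on a 10 Mbps collision domain:", max_collision_domain_m(10e6), "m")
    attempts, a, b = resolve_collision(random.Random(42))
    print(f"collision resolved after {attempts} attempt(s): A waits {a}, B waits {b} slot(s)")
```

After the first collision both stations draw from only two values (0 or 1 slot), so a second collision is likely; each further collision doubles the range up to 1024 slots, which is why a heavily loaded shared segment degrades gracefully rather than locking up.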

2.3.5

CSMA/CA

The CSMA/CD technology of wired Ethernet cannot be applied to wireless Ethernet. The standard describes half-duplex radios: while a station is sending, it cannot check whether a collision takes place. In order to solve this, another technology is applied, namely CSMA/CA: instead of detecting collisions, collisions are avoided (CA: collision avoidance). The chance of a collision is greatest right after the medium has been occupied. That is why waiting times and a recovery phase are defined. Figure 2.14 shows some important parameters with regard to waiting times for access to the medium. All parameters are related to the slot time (derived from the propagation delay that the medium causes). These parameters are:

• SIFS (Short Interframe Spacing): shortest waiting time for medium access (thus highest priority). The access point uses this waiting time for sending ACK messages.

• PIFS (PCF Interframe Spacing): medium priority, this time is used for the polling actions of an access point.

• DIFS (DCF Interframe Spacing): longest waiting time (lowest priority); a station that wants to send a normal data frame has to observe this time.

If a host wishes to send a message, it first has to listen to the medium. If the medium is free for longer than the DIFS time, then this participant can take the initiative to send a message. If the medium appears to be occupied, then it has to wait until the sending participant has completed its transmission, and then wait a further DIFS. The access point has a higher priority and only has to wait a SIFS. If the medium is still free after the DIFS time, then the recovery phase starts, in which every host that wants to send data starts a random backoff timer. The participant whose timer expires first can take the medium and send its data.

2.4 Structure elements for Ethernet

2.4.1 The hub

The maximum segment length of a LAN is determined by the medium used and the access mechanism applied. In order to overcome the length restriction, methods were soon sought to link several segments one after another. The first and simplest method is to use a repeater. A repeater is a signal amplifier that forwards packets transparently, independent of the packet content. A repeater is used to connect two or more Ethernet segments together. As figure 2.15 shows, a repeater link takes place on the physical layer, in accordance with the ISO-OSI definitions.

Figure 2.15: The repeater in accordance with the OSI model

Both segments can have a different medium: a 10Base-T segment, for example, can be connected to a fibre segment by means of a repeater. Another important feature of a link based on a repeater is that not only the data bits are forwarded but also any collisions and signal errors. Network segments that are connected via a repeater are therefore prone to fault situations: a problem on one segment propagates to all other segments. In modern local networks based on Ethernet, repeaters are mainly used to connect segments of different media with each other; the backbone segments of fibre cabling are then connected via optical repeaters to branch segments of twisted pair cabling.

Figure 2.16: The hub

A hub is actually a multiport repeater: it regenerates incoming signals to all other ports, as can be seen in figure 2.16. All segments that are connected to each other via a hub form one collision domain. A hub is available in several versions, which differ in the number of ports, the media types that are supported and the extensibility. An important feature of the modern hub is the option for network management. In order to make this option available, a modern hub is equipped with an SNMP agent that is controlled from a management station. At the least it is possible to switch off ports and to detect whether failures have taken place.

2.4.2 The switch

One of the options to interlink LAN segments with more intelligence is to use a bridge. A bridge is more than just a medium that forwards data like a repeater. Before a packet is forwarded from one segment to the other via a bridge, the bridge checks the MAC address and decides on this basis whether the packet is forwarded to the other segment or not.

This technique avoids that inactive stations are addressed or that stations are not recognised anymore.
Figure 2. a segment is not loaded with the frames of the other segment that do not belong there from an addressing point of view. If every participant connects directly to the port of a switch. then many collision domains occur but each domain only contains one participant and no collisions can occur. The switch is elaborated upon in another part of the document. In that case. Finally. the bridge also avoids that collisions between frames are transmitted from one segment to the other.17: The bridge in accordance with the OSI model
A bridge can be equipped with more than two network ports. the term switch is used. At the same time. A MAC address table is updated from a software point of view for every port.
. Every port of a switch closes a collision domain.18: The switch
Linking the segments of a local network via a switch has a number of advantages over the link with a repeater or a hub. The load per segment is reduced by this bridge function. fault situations are not transmitted as the switch also checks the correct building of the frame. This table is ﬁlled by listening on the relevant segment of the network and by copying all MAC addresses that occur on that segment to the table. Every address is retained for a limited time and is deleted again as soon as a certain time (the hold time) has lapsed. When using a switch.Ethernet
23
Figure 2.

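The learning and ageing behaviour of the MAC address table described above, as an added worked example (this is not code from the original text). The frame representation, port names, the 60 second hold time and the sample traffic are assumptions chosen for illustration; a real switch also bounds the table size, which this toy does not.

```python
"""Learning switch with a per-port MAC table and hold-time ageing (added example)."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str
    dst: str
    payload: bytes = b""


@dataclass
class LearningSwitch:
    ports: tuple                 # port names, e.g. ("p1", "p2", "p3")  (assumed)
    hold_time: float = 300.0     # seconds an entry survives without being refreshed (assumed)
    table: dict = field(default_factory=dict)   # mac -> (port, last_seen)

    def expire(self, now: float) -> list:
        """Delete entries whose hold time has lapsed; return the removed MACs."""
        stale = [m for m, (_, seen) in self.table.items() if now - seen > self.hold_time]
        for m in stale:
            del self.table[m]
        return stale

    def receive(self, in_port: str, frame: Frame, now: float) -> list:
        """Learn the source address, then decide where the frame goes.

        Returns the list of output ports. A known unicast destination is sent
        to exactly one port (the bridge function); an unknown or broadcast
        destination is flooded to every other port, which is what a hub does
        for every frame.
        """
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        self.expire(now)
        # Learning: copy the source MAC into the table together with the port
        # it was seen on. A station that moves is re-learned on the new port.
        self.table[frame.src] = (in_port, now)
        if frame.dst != BROADCAST and frame.dst in self.table:
            out_port, _ = self.table[frame.dst]
            # a frame for a station on the same segment is not forwarded at all
            return [] if out_port == in_port else [out_port]
        return [p for p in self.ports if p != in_port]


def demo() -> dict:
    """Run constructed traffic through a 3-port switch and record the decisions."""
    sw = LearningSwitch(ports=("p1", "p2", "p3"), hold_time=60.0)
    a, b = "00:11:22:33:44:01", "00:11:22:33:44:02"   # constructed station addresses
    result = {}
    # t=0: A talks to B; B is not yet known, so the frame is flooded to p2 and p3
    result["first_a_to_b"] = sw.receive("p1", Frame(a, b), now=0.0)
    # t=1: B replies from p2; A is known, so the frame goes to p1 only
    result["b_to_a"] = sw.receive("p2", Frame(b, a), now=1.0)
    # t=2: both known, A to B goes to p2 only
    result["second_a_to_b"] = sw.receive("p1", Frame(a, b), now=2.0)
    # t=100: the 60 s hold time has lapsed for both entries; A is re-learned,
    # B is unknown again and the frame is flooded
    result["after_hold_time"] = sw.receive("p1", Frame(a, b), now=100.0)
    result["table_after"] = sorted(sw.table)
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last step shows why the hold time matters for load: once an entry has aged out, traffic to that station falls back to flooding until the station is heard again.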
2.5 IEEE802.1Q tagged frame

IEEE802.1Q describes 4 extra bytes, divided into two extra fields in the Ethernet frame, which can be used for new applications. One of these applications is VLAN (see also later in this chapter). IEEE802.1Q was developed only for Ethernet and Token Ring.

Figure 2.19: Building of a tagged frame

Description of the extra fields:
• TYPE (TAG) field, 2 bytes, also called the TPID (Tag Protocol Identifier): has the value 8100h to specify that this frame is a tagged frame and therefore contains an extra information field.
• TCI (Tag Control Information), 2 bytes, divided into:
  – User priority, 3 bits: the priority of the frame. The priority code (a number between 0 and 7) is described in IEEE802.1p and is used for frames with priority (Profinet IO, for example).
  – CFI, 1 bit: Canonical Format Indicator. This bit is 0 for Ethernet and 1 for Token Ring.
  – VLAN ID, 12 bits: identification of the VLAN. The value 000h is reserved (no VLAN, priority tag only) and FFFh is reserved as well, which leaves 4094 possibilities.

2.6 Power over Ethernet

IEEE802.3af Power over Ethernet offers, since June 2003, the possibility of transmitting data and power together over the same Ethernet cable. This had already been applied before via non-standardised systems, in which the unused wires of an Ethernet cable were used to transmit 24V or 48V. PoE was developed for WLAN access points, Bluetooth access points, IP telephones (voice over IP), IP cameras, RFID reading units, touch panels and the like. The use of PoE makes an extra power adapter superfluous. This is especially handy if the network device is used in a place where a power supply via a mains socket is difficult to realise. The power delivered to the devices can be limited and checked in accordance with the IEEE802.3af standard. The standard defines two basic components: the PSE (Power Sourcing Equipment) and the PD (Powered Device).

2.6.1 PSE

The device that provides the power is called a PSE (Power Sourcing Equipment). In accordance with the norm, two types are distinguished:
• End point PSE: the standard Ethernet switch is replaced with a PoE switch.
• Mid span PSE: this device is placed between the conventional switch and the network participant. An extra module is required for every link to make PoE possible. It only functions with alternative B.

Figure 2.20: Building of a PSE

Figure 2.21 shows the integration of a mid span PSE.

Figure 2.21: Use of a mid span PSE

2.6.2 PD

The network participant that receives power over the Ethernet cable is called a PD (Powered Device). A PD has to support both alternative A and alternative B. In order to avoid polarity related errors, an auto-polarity circuit is built into a PD. Every port of a PSE should be able to supply 350mA at 44V (15.4 Watt). The voltage is 48V nominal (between 44V and 57V). According to the norm, a PSE should be able to supply at least 15.4W and a PD may not use more than 12.95W. This difference covers the losses in the twisted pair cable: a 100 metre cable has a resistance that causes losses.

In order to protect devices against unexpected voltage, an identification process is carried out during the connection:
• If nothing is connected to the PSE, the port stays dead: no power is supplied.
• The PSE applies a voltage of 10.1V to the load and measures the result. A PD reports a resistance of 25kΩ; if this signature is not found, no power is supplied.
• In order to determine the specific class from 0 to 3, the PSE applies a voltage of 20.5V to the load and measures the current drawn.
• After the determination of the class, the PSE applies the full voltage of 48V to the load.

The following power classes are distinguished:
Class 0: 0.44W to 12.95W
Class 1: 0.44W to 3.84W
Class 2: 3.84W to 6.49W
Class 3: 6.49W to 12.95W

2.6.3 Alternative A

The power is transmitted via the data lines. It is coupled in via transformers with a centre tap on pins 1-2 and 3-6, so that it is invisible to the data stream. Alternative A can be used for 10/100/1000Base-T.

Figure 2.22: PoE, alternative A

2.6.4 Alternative B

The power is transmitted via the wires of the UTP cable that are not used for data. The positive side of the 48V is connected to pins 4 and 5, the negative side to pins 7 and 8. The two wires of each pair (4-5 and 7-8) are used in parallel so that more current can pass. Alternative B can only be used if pair 1 and pair 4 are available (certain industrial Ethernet cables only contain pairs 2 and 3) and if pairs 1 and 4 are not used for data (so not with 1000Base-T, which uses all four pairs).

Figure 2.23: PoE, alternative B

2.7 VLAN

A VLAN or Virtual Local Area Network is a group of participants in a large network that form a separate network in a logical manner. This means that several logical groups can be created on one large physical network. The participants may physically be far away from each other, but they have to be on one and the same physical network. A VLAN has its own broadcast domain: data packets are only transmitted within a VLAN. A router is needed to route data traffic between the different VLANs. Some examples of the organisation of a network:
• By department: one VLAN for Sales, another VLAN for Engineering and another VLAN for Automation.
• By hierarchy: one VLAN for management, another VLAN for managers and another VLAN for employees.
• By use: one VLAN for users that require e-mail and another for multimedia users.

2.7.1 Advantages of VLANs

The greatest advantage of VLANs is the segmentation of the network. Other advantages are additional security and a restriction of the network load.
• Additional security: devices in a VLAN can only communicate with devices in the same VLAN. If a device in VLAN Sales wants to communicate with VLAN Automation, then this connection has to be set up in a router. The VLANs remain separated; the separation is only as strong as the switch configuration and the router (or firewall) that links the VLANs.
• Restriction on network traffic: in a traditional network, broadcasts can cause an overloaded network. Broadcast messages are often sent to devices that do not need them. VLANs limit this problem, as a broadcast message from one VLAN is not sent to the other VLAN.
• Moving devices around: it is easier to move devices around in the network. In a traditional network, cabling has to be changed when a user moves from one subnet to another. The relocation from one VLAN to another does not require a change in cabling; it only requires a setting on the switch. A station from Sales can, for example, be moved to a network connection that belonged to Engineering. The port only has to be reconfigured as a member of the station's VLAN and no new cabling is required.

2.7.2 Trunking

Trunking is a method to send data from different VLANs between two switches. Only one port per switch is required for this. Thanks to this system, the benefits of VLANs are retained even if they are spread out over different switches. For trunking, a piece of code (tag) is added to each frame that states which VLAN the frame comes from. There are different ways of trunking:
• ISL: InterSwitch Link, a widely used proprietary protocol of Cisco.
• IEEE802.1Q: a standard that is supported by several switch manufacturers.

2.7.3 VLAN types

VLANs can be divided into two types: static and dynamic VLANs.
• Static VLANs are port-based. Depending on the port of a switch to which a user connects, the user belongs to one or the other VLAN.
  Advantages:
  – Easy to configure.
  – Everything is done on the switch; the user hardly notices anything.
  Disadvantages:
  – If a user connects his PC to the wrong port, the administrator has to do a reconfiguration.
  – If a second switch is connected to a port that belongs to a certain VLAN, then all computers connected to that switch automatically belong to this VLAN.
• Dynamic VLANs are not based on the ports of a switch but on the address of the user or the protocol used.
  Advantage: everyone can connect his computer to any port and still be part of the correct VLAN.
  Disadvantage: the cost of this VLAN type is higher, as it requires special hardware.

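The 4 extra tag bytes of section 2.5 and the trunk-port decision described under trunking, as an added worked example (not code from the original text). The MAC addresses, VLAN numbers, the stand-in payload and the set of VLANs allowed on the trunk are constructed for illustration.

```python
"""Build and parse IEEE 802.1Q tagged Ethernet frames (added example)."""
import struct

TPID_8021Q = 0x8100          # TYPE (TAG) value that marks a tagged frame
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806


def mac_bytes(mac: str) -> bytes:
    return bytes(int(part, 16) for part in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_tci(priority: int, cfi: int, vid: int) -> int:
    """Tag Control Information: 3 bits priority (802.1p), 1 bit CFI, 12 bits VLAN ID."""
    if not 0 <= priority <= 7:
        raise ValueError("priority code must be 0..7")
    if cfi not in (0, 1):
        raise ValueError("CFI is a single bit: 0 for Ethernet, 1 for Token Ring")
    if not 1 <= vid <= 4094:
        # 0 (priority tag only, no VLAN) and 4095 are reserved, leaving 4094 VLANs
        raise ValueError("VLAN ID must be 1..4094")
    return (priority << 13) | (cfi << 12) | vid


def tagged_frame(dst, src, vid, ethertype, payload, priority=0, cfi=0) -> bytes:
    """DA, SA, the 4 tag bytes (TPID + TCI), then the original type field and data."""
    tag = struct.pack("!HH", TPID_8021Q, build_tci(priority, cfi, vid))
    return mac_bytes(dst) + mac_bytes(src) + tag + struct.pack("!H", ethertype) + payload


def untagged_frame(dst, src, ethertype, payload) -> bytes:
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Decode the header; for an untagged frame vid, priority and cfi are None."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": mac_str(dst), "src": mac_str(src), "vid": None, "priority": None, "cfi": None}
    offset = 14
    if etype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("tagged frame truncated inside the tag")
        tci, etype = struct.unpack("!HH", frame[14:18])
        info.update(priority=tci >> 13, cfi=(tci >> 12) & 1, vid=tci & 0x0FFF)
        offset = 18
    info["ethertype"] = etype
    info["payload"] = frame[offset:]
    return info


def accept_on_trunk(frame: bytes, allowed_vids: set) -> bool:
    """A trunk port only passes frames tagged with a VLAN it carries. Untagged
    frames are refused rather than mapped to a default VLAN, and a frame whose
    type after the tag is again 8100h (a second, nested tag) is refused too
    instead of being treated as ordinary data."""
    info = parse_frame(frame)
    return info["vid"] in allowed_vids and info["ethertype"] != TPID_8021Q


def demo() -> dict:
    ip_stub = b"\x45\x00\x00\x14" + b"\x00" * 16       # constructed 20-byte stand-in payload
    tagged = tagged_frame("01:00:5e:00:00:01", "00:11:22:33:44:55", 100, ETHERTYPE_IPV4, ip_stub, priority=6)
    plain = untagged_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_ARP, b"\x00" * 28)
    nested = tagged_frame("01:00:5e:00:00:01", "00:11:22:33:44:55", 100, TPID_8021Q,
                          struct.pack("!HH", build_tci(0, 0, 200), ETHERTYPE_IPV4) + ip_stub)
    try:
        build_tci(0, 0, 0)
        reserved_vid_rejected = False
    except ValueError:
        reserved_vid_rejected = True
    trunk_vlans = {100, 200}                            # constructed trunk configuration
    return {"tagged": parse_frame(tagged), "plain": parse_frame(plain),
            "tag_overhead": len(tagged) - (14 + len(ip_stub)),
            "trunk_decisions": [accept_on_trunk(f, trunk_vlans) for f in (tagged, plain, nested)],
            "reserved_vid_rejected": reserved_vid_rejected}


if __name__ == "__main__":
    print(demo())
```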
2.8 Network redundancy

2.8.1 Introduction

The communication system, the network, is the core of every modern automation project. Network redundancy means the integration of hardware and software that ensures that the availability of the network remains optimal in case of a Single Point of Failure. In order to handle network errors, an automated back-up path is provided if an active link drops out for whatever reason. Depending on the application, different protocols can be integrated in the structure elements. Three important groups can be distinguished:
• STP/RSTP: (Rapid) Spanning Tree Protocol. Can be applied in mesh topologies (discussed elsewhere in this chapter).
• MRP: Media Redundancy Protocol, only for ring topologies.
• PRP: Parallel Redundancy Protocol.

2.8.2 The Spanning Tree Protocol

The Spanning Tree Protocol (STP) is an open protocol that is described in the IEEE802.1d norm. It is based on an algorithm developed by Radia Perlman (then at Digital Equipment Corporation). It is an OSI layer-2 protocol that guarantees a loop-free LAN. Spanning tree makes it possible to extend a network with redundant links integrated, without creating closed loops in the network. In order to apply this protocol, the switches used have to support it. A disadvantage of STP is that it is not usable for redundant ring structures in practice: after the interruption of a segment, it can easily take 30-50 seconds before the alternative path becomes available. This delay is unacceptable for controls, and 30 seconds is extremely long even for monitoring applications. Since 2004, the original spanning tree protocol is described as superseded in IEEE802.1d and it is recommended to use RSTP instead of STP.

2.8.3 The Rapid Spanning Tree Protocol

As a reply to the shortcomings of the spanning tree protocol, the IEEE formulated the rapid spanning tree protocol (RSTP) in 2001. The protocol is described in the IEEE802.1w standard. The recovery time of RSTP is lower than that of STP (hence the name): 1 to 10 seconds instead of 30-50 seconds. Depending on the application, even this recovery time may still be too long. IEEE802.1w has since been included in 802.1d.

Figure 2.24: Possible tree topology by means of (R)STP

Figure 2.24 shows a network with five different structure elements. Different redundant connections are created. Left as they are, these result in loops that would quickly congest the network. The RSTP protocol converts this topology into a tree structure by closing off a number of ports. One structure element is configured as root. From this root, all other switches can be reached via one single path. When a network switch drops out, a new active path is created. This way, QoS is obtained for the redundant building of automation networks.

Extensions on RSTP. In order to meet the needs of automation, many companies plan proprietary extensions on the RSTP protocol in order to attain recovery times of less than a second. Fast Ring Detection is an extension of Phoenix Contact on RSTP. With it, recovery times of 100 to 500 ms are reached. Recovery times of not more than 500 ms are available for extensive automation networks with 1000 entries in the address tables of the switches; these times are shorter with fewer terminals in the network. This protocol, however, can only be used for 10 or 100 Mbps.

2.8.4 Bridge Protocol Data Units (BPDUs)

The tree structure is calculated by means of a specific algorithm so that there is one switch configured as the root. In order to ensure that every switch has sufficient, correct information, the switches exchange information between them. Special frames are used for this: Bridge Protocol Data Units (BPDUs). A bridge sends a BPDU with the unique MAC address of the port itself as source address (SA) and the STP multicast address 01:80:C2:00:00:00 as destination address (DA). Every switch must in fact have all the information required to define the correct port roles. There are various types of BPDU:
• Configuration BPDU (CBPDU), used for the calculation of the spanning tree
• Topology Change Notification BPDU (TCN), used to notify changes in the network
• Topology Change Notification Acknowledgement (TCA)

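The calculation that the BPDU exchange above performs (root election, then a root, designated or alternate role for every port), as an added worked example; this is not code from the original text. The bridge IDs, the path costs (4 for 1 Gbit/s, 19 for 100 Mbit/s, following the classic IEEE 802.1D cost table) and the five-switch topology are constructed to resemble the kind of network figure 2.24 describes.

```python
"""Spanning tree root election and port roles (added example)."""
import heapq

# A bridge ID is (priority, MAC). Lower is better, as in the BPDU comparison:
# the priority is compared first, then the MAC address.
S1, S2, S3, S4, S5 = [(32768, f"00:00:00:00:00:0{i}") for i in range(1, 6)]

# Links as (bridge, bridge, path cost). Five structure elements and seven
# links, so three links must be closed off to obtain a tree. (constructed)
LINKS = [
    (S1, S2, 4), (S1, S3, 4), (S2, S3, 19),
    (S2, S4, 19), (S3, S4, 19), (S3, S5, 19), (S4, S5, 19),
]


def ports_of(bridge, links):
    """Yield (neighbour, cost) for every port of a bridge."""
    for a, b, cost in links:
        if a == bridge:
            yield b, cost
        elif b == bridge:
            yield a, cost


def elect_root(bridges):
    """Every bridge first claims to be root; the lowest bridge ID wins.

    Nothing in a BPDU proves who sent it, so any device that advertises a
    lower priority than the intended root takes the role over.
    """
    return min(bridges)


def root_path_costs(root, links):
    """Cheapest path cost from every bridge to the root (Dijkstra): the root
    path cost each bridge advertises in its own configuration BPDU."""
    cost = {root: 0}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > cost[u]:
            continue
        for v, c in ports_of(u, links):
            if d + c < cost.get(v, float("inf")):
                cost[v] = d + c
                heapq.heappush(heap, (d + c, v))
    return cost


def port_roles(bridges, links):
    """Return (root, {(bridge, neighbour): role}) for every port end."""
    root = elect_root(bridges)
    cost = root_path_costs(root, links)
    roles = {}
    # Root port: on each non-root bridge, the port whose neighbour offers the
    # lowest (root path cost via that port, neighbour bridge ID).
    for b in bridges:
        if b != root:
            _, via = min((cost[n] + c, n) for n, c in ports_of(b, links))
            roles[(b, via)] = "ROOT"
    # Designated port: on each link, the end that is closer to the root (ties
    # go to the lower bridge ID). The far end is ROOT if chosen above,
    # otherwise ALTERNATE, i.e. blocked to break the loop.
    for a, b, _ in links:
        _, des = min((cost[a], a), (cost[b], b))
        other = b if des == a else a
        roles[(des, other)] = "DESIGNATED"
        roles.setdefault((other, des), "ALTERNATE")
    return root, roles


def blocked_links(roles):
    """The (bridge, neighbour) ports RSTP closes off: the redundant paths."""
    return sorted(port for port, role in roles.items() if role == "ALTERNATE")


def demo() -> dict:
    bridges = [S1, S2, S3, S4, S5]
    root, roles = port_roles(bridges, LINKS)
    # constructed: one extra device that advertises a better (lower) priority
    rogue = (4096, "00:00:00:00:00:ff")
    rogue_root, _ = port_roles(bridges + [rogue], LINKS + [(rogue, S5, 19)])
    return {"root": root, "blocked": blocked_links(roles), "rogue_root": rogue_root}


if __name__ == "__main__":
    print(demo())
```

With these costs S1 is root, S4 reaches it through S2 and S5 through S3, and the ports S3-S2, S4-S3 and S5-S4 end up ALTERNATE. The rogue case in demo() shows the other side of the election: a bridge with priority 4096 becomes root simply by saying so, which is the reason real switches offer root guard and BPDU guard on edge ports.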
To create a network without loops, each port is allocated a specific status by its switch. The various statuses are:
• ROOT: the port that forms the link to the root switch
• DESIGNATED: an active port that forms a link to an underlying switch in the tree structure
• ALTERNATE: a port with a lower priority, an alternative link to the root that is kept blocked as long as the root port works

2.8.5 Multiple Spanning Tree Protocol (MSTP)

In an Ethernet environment where Virtual LANs are used, the Spanning Tree Protocol may also be used. MSTP, originally defined in IEEE 802.1s and later adopted in IEEE 802.1Q-2003, defines an extension of RSTP in combination with Virtual LANs. It is a standard that provides a solution for the configuration problems faced by extensive LAN structures. With MSTP, the various VLANs are split into logical instances (groups of VLANs with the same spanning tree topology). This combines the best of PVST (Per-VLAN Spanning Tree), in which each VLAN defines its own spanning tree, and the original IEEE 802.1Q, in which only one spanning tree is created for the entire network. MSTP bundles all the spanning tree information into one single BPDU in order to restrict the number of BPDUs, and it is fully compatible with RSTP switches.

2.8.6 Media Redundancy Protocol

MRP is part of the PROFINET standard. With MRP, a ring manager blocks one port in order to obtain an active line structure. In case of a network error, the network splits up into two isolated lines that are linked together again when the blocked port is released. Recovery times are in the range of 100 ms.

2.8.7 Parallel Redundancy Protocol

In contrast with the above technologies, PRP does not plan a change of the active topology in case of a network error. This protocol functions on two parallel networks. Every data frame is sent over both networks. The receiving node processes the message that arrives first and rejects the copy. PRP works on the data link layer and takes care of the duplication and rejection of the messages. PRP also makes the double network invisible to the higher layers in the communication stack.

2.9 Important additions

2.9.1 LLDP

The protocol IEEE802.1ab, Link Layer Discovery Protocol, defines a standard method for switches, routers, WLAN access points and similar devices to distribute information about themselves to the other network participants and to store the information received from neighbouring participants. LLDP is possible with all 802 media. A switch that supports LLDP can carry out topology detection via other participants that also support LLDP. LLDP information is used within engineering tools to visualise a network topology graphically. Advantages:
• Improved detection of network errors
• Tool for replacing modules
• Better network configuration and network management

2.9.2 IEEE 802.1x

IEEE 802.1x is a security standard for authentication on each individual port of a switch. IEEE 802.1x uses a protocol to exchange information with a device/user that requests access to a port. The messages contain, for example, a user name and a password. The switch does not perform the identification itself but forwards the request to a RADIUS authentication server on the network. The server processes the request and gives feedback to the switch, which then opens the port for the user. Authentication occurs before the user is given any access to the network. The recognition of an authorised user therefore occurs at layer 2 of the OSI model. This can all be done regardless of the hardware used, both wirelessly and with wires. There are three important players in the operation of the protocol:
• The user, the client, is known in the protocol as the supplicant.
• The access device, the switch or the access point, is the authenticator.
• The controlling device, the RADIUS infrastructure, is the authentication server.

Figure 2.25: Three important players in the operation of the protocol

The authentication for 802.1X is performed with a flexible authentication mechanism called the Extensible Authentication Protocol (EAP), under which various forms of authentication are possible. This makes it possible to demand a different form of authentication depending on the type of user: both strong and weak authentication. It is for instance possible to make a user name and password compulsory for students and to require a certificate for staff. The EAP method chosen determines how well the credentials are protected on their way to the server; a certificate-based method such as EAP-TLS avoids sending a reusable password at all. This aspect is dealt with in more detail in the section concerning security.

2.9.3 Link Aggregation with LACP to IEEE 802.3ad

Link Aggregation (also called trunking) is a way of physically linking networks: the English term for bundling several network connections with the aim of achieving higher transfer speeds. It offers the following advantages:
• Increased availability of the connections
• Increased capacity of a connection
• Higher performance with the available hardware

Today's LAN technologies provide data rates of 10 Mbps, 100 Mbps and 1,000 Mbps. Link Aggregation can create levels in between where necessary, or, if a data rate greater than 1,000 Mbps is required, a high-speed connection can be provided by grouping several 1,000 Mbps connections. Link Aggregation can also provide a redundant connection, which adds fault tolerance to critical business systems. If one link between two switches is lost, the other link in the link aggregation group takes over. The technique is applied both to switches and to network interface cards (NICs).

Link Aggregation may be used in several ways:
• Connection between two switches
• Connection between switch and end station
• Connection between two end stations

Figure 2.26: Link Aggregation

Diagram xxxx shows how switches are connected to each other via two 100 Mbps links. Link Aggregation is currently standardised in IEEE 802.3ad: "Link Aggregation allows one or more links to be aggregated together to form a Link Aggregation Group, such that a MAC client can treat the Link Aggregation Group as if it were a single link" (IEEE Standard 802.3, 2000 Edition). The IEEE 802.3ad standard also describes the use of the LACP (Link Aggregation Control Protocol) for easy exchange of configuration information between the various systems. This information exchange is by means of LACP frames as described in the standard. This should make automatic configuration and also the monitoring of all link aggregation groups possible.

2.10 Industrial Ethernet

In recent years, Ethernet has been used more and more in industrial environments. Industrial Ethernet refers to the use of industrial products in order to meet the more specific requirements of the industrial world. There are significant differences between the office environment and the industrial environment. The tables below show some important points of attention.

Table 2.4: Points of attention for installation of Ethernet

Office environment:
• Fixed basic installation in the building
• Variable network connection for workstations
• Cables are placed in false floorings
• Prefabricated cables
• Standard workstations on RJ45
• 230V AC power
• Star topology
• 19" switch cabinets (dimensions of standard office server cabinets)
• Service life of about 5 years
• Devices with active cooling (ventilators)

Industrial environment:
• System-specific applications
• Connection points with the network are seldom or never changed
• Connectors that can be assembled on the shop floor
• RJ45 in the cabinets, M12 in the field
• Regular use of fibre optics and of cabling intended for use in moveable cable conductors
• Carefully implemented earthing
• 24V DC power / Power over Ethernet (PoE)
• Regular use of line topology or ring topology; redundancy is often a requirement
• Service life of about 10 years
• Terminals suitable for assembly on a DIN rail
• Passive cooling (no moving parts)
• Alarm contact for error indication

Table 2.5: Environmental effects

Office environment:
• Moderate temperatures with low fluctuations
• Hardly any dust
• No humidity or water
• Hardly any shocks or vibrations
• Low level of EMC (electromagnetic interference)
• Low mechanical load or danger
• No chemical hazards
• No radiation hazards

Industrial environment:
• Outdoor temperatures with high fluctuations
• A lot of dust
• Humidity or water can be present
• Vibrations or shocks are possible
• High EMC level
• High mechanical load or danger
• Chemical impact due to oily environments or aggressive atmospheres
• High exposure to UV radiation in outdoor environments

Chapter 3
TCP/IP

3.1 Introduction

Transmission Control Protocol / Internet Protocol (TCP/IP) is a collection of industry standard protocols designed for communication over large networks consisting of different network segments that are linked by routers. TCP/IP is the protocol used on the Internet. An internetwork is, however, a very general concept. Internet with a capital I relates to the worldwide Internet, also called the public Internet: the collection of thousands of networks, spread out worldwide, that connects research centres, universities, libraries, companies, individuals, etc. with each other. An internet is not limited in size: there are internets that consist of a couple of networks but also internets that consist of hundreds of networks.

Figure 3.1: How to communicate over an internet?

The question that has to be asked is how two different hosts, connected to different networks at a great distance from each other, can communicate. The answer to this question is twofold.

The first part of the answer is a hardware aspect: an internet consists of different networks that are connected to each other by routers. A router is a structure element with the special task of connecting networks. Every router has a processor, a certain amount of memory and a separate interface for each network to which it is connected.

The second part of the answer is a software aspect: a universal communication service has to be active on every host. The HTTP protocol, for example, belongs to this. This is the protocol that makes it possible to surf to a certain web application. The TCP/IP protocol then provides a universal communication service so that the surf request can travel over the entire Internet. Although many software protocols are adapted for internetworks, only one suite is really considered here, the one used most for internetworks: the TCP/IP suite. The TCP/IP suite can be positioned perfectly in the OSI model. A simplified model is mostly used to represent the TCP/IP suite: a four layer model (the DoD (Department of Defence) model, the ARPANET reference model, or mostly just called the TCP/IP model).

Figure 3.2: The TCP/IP suite

The application layer collects and describes all protocols that use the TCP/IP protocol. Central in this model are the internet layer and the transport layer, which are discussed in detail elsewhere in this chapter. The network layer ensures the communication on the local network between the host and the router or between two routers.

3.2 The Internet Protocol (IP)

3.2.1 Introduction

The Internet Protocol (IP) belongs to the network level (layer 3 of the OSI model). This layer is responsible for the presentation and transportation of information over different networks. This functionality is not required as long as the information transfer takes place within the same network. The connection of different networks takes place by means of routers. When different networks are bundled into a bigger entity, each network should also be identifiable with an address. Each network therefore gets a unique network address. Within this network address, every participant also gets a unique address number. Uniform addressing is required to realise this: the IP address. This address is defined on the IP layer and is called the IP address.

The most important features of the IP protocol are:
• Routing of a data packet over the Internet. Every host is identified by a 32-bit IP address.
• It is a connectionless protocol. No fixed physical connection is created. Every packet can follow a different route to the same target host when sending different IP packets.
• A universal data packet is built, consisting of a header and a data field. The data packet is hardware independent and is encapsulated again on the local network before it can be transported.
• The IP header is at least 20 bytes long. The header consists, amongst others, of the address of the sender and of the destination, 4 bytes each. A header checksum is created. When using the options field, the header can be 60 bytes maximum.
• The IP protocol does not check if the data have been delivered correctly and it also provides no confirmation or correction mechanisms: send it and pray.

3.2.2 The IP address

General. An IP address consists of 32 bits, represented as 4 decimals separated by dots. Every network gets a name (Net ID) and every network participant gets a unique number within this network (Host ID). Net ID and Host ID together form the IP address. Uniform addressing is based on this principle. The network name is then the IP address whereby the Host ID is equal to zero.

Figure 3.3: The IP address

Figure 3.4: Building of the IP address

Classes of IP addresses. IP addresses are divided into different classes. The most significant bits of the IP address determine to which class an IP address belongs. The distinction between classes A, B and C is determined by the number of bytes that are part of the Net ID on the one hand and the number of bytes that are part of the Host ID on the other hand. Figure 3.4 shows the building of the IP address with class A as example. Class D is added in order to send multicast messages in a simple way. Class E currently has no function yet. Figure 3.5 shows an overview. Table 3.1 sums up all features of the three different classes.

Figure 3.5: The different classes within IP addressing

3.2.3 Routers and subnet masking

Figure 3.6: Functioning router

Table 3.2: IP addresses for private networks
Class A networks: 10.0.0.0 → 10.255.255.255
Class B networks: 172.16.0.0 → 172.31.255.255
Class C networks: 192.168.0.0 → 192.168.255.255

Special IP addresses. An option has to be planned to send broadcast messages on a network. An IP broadcast address for a certain segment is obtained by setting all bits of the host ID to 1. The IP address 131.107.255.255 is, for instance, the network broadcast address of the subnet with network address 131.107.0.0. Table 3.3 gives an overview of the special IP addresses.

Table 3.3: Some important special IP addresses
Net ID all zeroes, Host ID all zeroes: IP address of this computer, only used during start-up
Net ID, Host ID all zeroes: the network address, identifies a complete network
Net ID, Host ID all ones: broadcast address on the network
Net ID 127, Host ID random: IP address for the testing of network applications (loopback)

Despite the fact that the Internet is indicated in the singular, it consists of a large number of IP networks. Every ISP (Internet Service Provider) hooks up its network to at least one other network. Routers ensure that information is routed correctly over the Internet. These routers maintain so-called routing tables in which is specified where certain IP addresses can be found. As soon as an IP packet arrives, the router compares the target address with its routing tables. If a correspondence is found, then the router knows to which port the relevant packet can be sent. As every network has its unique identification, the information can be sent from one station to the other.

The router filters the network part out of the IP address by means of a mask: the subnet mask. How is the subnet mask set up? The bits that represent the network part have the value 1, the bits that represent the host part have the value 0; then the decimal conversion follows. Example: a class C address is extended with four network bits; the subnet mask then becomes
11111111 . 11111111 . 11111111 . 11110000
255 . 255 . 255 . 240

3.2.4 Subnetting

Subnetting is generating several subnets from a given network address. In order to facilitate routing and to use the existing classes in a better way, RFC 950 gave the option in 1985 to create groups of addresses within a class A, B or C network. The prefix (Net ID) is extended with a few bits (an extended network prefix) to create a number of subnets within a class. The IP address itself does not change when using subnets. However, for the routers it is important to know which bits now form the Net ID. All subnets can be linked to each other via a router.

Example: a company works with the network address 172.23.0.0 (class B). The subnet mask is 255.255.0.0 or 1111 1111 1111 1111 0000 0000 0000 0000. The entire company has to be divided into 10 different subnets. The required 10 subnets can be created by adding 4 bits to the Net ID; with 4 bits, 16 different combinations can be created. The subnet mask becomes 1111 1111 1111 1111 1111 0000 0000 0000 or 255.255.240.0. The following 10 subnets can be created in this way; table 3.4 shows the different subnets.

Table 3.4: Subnetting and subnet masks
Byte 3 (binary) | Byte 3 (decimal) | Subnet       | Subnet mask
0000 0000       | 0                | 172.23.0.0   | 255.255.240.0
0001 0000       | 16               | 172.23.16.0  | 255.255.240.0
0010 0000       | 32               | 172.23.32.0  | 255.255.240.0
0011 0000       | 48               | 172.23.48.0  | 255.255.240.0
0100 0000       | 64               | 172.23.64.0  | 255.255.240.0
0101 0000       | 80               | 172.23.80.0  | 255.255.240.0
0110 0000       | 96               | 172.23.96.0  | 255.255.240.0
0111 0000       | 112              | 172.23.112.0 | 255.255.240.0
1000 0000       | 128              | 172.23.128.0 | 255.255.240.0
1001 0000       | 144              | 172.23.144.0 | 255.255.240.0

3.2.5 Classless Inter-Domain Routing

The success of the Internet may lead to a shortage of IP addresses. The increasing number of networks also leads to a quickly increasing number of routes, which causes a problem for the global routing tables as well. The solution to this problem consists of two steps:
• Restructuring of the IP addresses
• A hierarchical route structure in order to make routing more efficient

CIDR, Classless Inter-Domain Routing, is a new way of addressing for the Internet which leads to a more efficient use of IP addresses in comparison to the classes A, B and C. A CIDR address contains the 32-bit IP address and information about the number of bits that are part of the Net ID. This results directly from the subnetting concept. The Net ID is no longer limited to 8, 16 or 24 bits. In the address 206.13.1.48/25, the suffix '/25' means that the first 25 bits determine the network name and that the remaining bits are used to identify a certain participant on the network.

3.2.7 The IP packet

The data to be sent are transmitted by the transport layer to the internet layer. The internet layer packs the information in the data field and then adds an IP header. The whole is then transmitted to the network layer for further processing. The sending of information by means of the IP protocol takes place on the basis of IP packets.

Figure 3.7: The IP packet

In order to get a good idea of the functions of the IP protocol, the IP header is further explained. Figure 3.8 shows the different fields within the IP header. The header consists of at least 20 bytes.

When a router receives an IPv4 packet that is too big for the subnet on which the packet has to be transmitted, then IPv4 will divide this packet on the router into smaller packets that fit in the data frames of the relevant subnet. When these packets reach their final destination, IPv4 will put these packets back into the original order on the target host. When a packet has to be divided, the following takes place:

• Each packet has its own IP header
• All divided messages that belong to the same original message have the original identification field
• The fragment offset field specifies the position of this fragment in the total message
• The more fragments flag shows that other fragments follow. The more fragments flag is not placed in the last fragment.
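The fragmentation rules just listed, as an added Python simulation (not code from the course). Packets are plain dicts rather than real headers; fragment offsets are counted in 8-byte units as RFC 791 specifies, the identification field is copied into every fragment, and only the last fragment has the more-fragments flag cleared. The reassembly side also shows what the target host does while pieces are still missing, and the MTU values are constructed.

```python
"""IPv4 fragmentation and reassembly, simulated on packets represented as dicts.
Added example, not code from the course. Fragment offsets are counted in 8-byte
units, as RFC 791 specifies, so every fragment except the last carries a payload
that is a multiple of 8 bytes."""


def fragment(packet: dict, mtu: int) -> list:
    """Split one IP packet into fragments whose header + payload fits in `mtu` bytes.

    `packet` needs: header_len (bytes), ident (the Identification field), payload (bytes)
    and optionally dont_fragment, offset and more_fragments (when a fragment is itself
    fragmented again on a smaller subnet). Each fragment keeps the original ident.
    """
    hdr = packet["header_len"]
    if packet.get("dont_fragment"):
        raise ValueError("DF bit set: the router must discard the packet instead of fragmenting it")
    max_payload = (mtu - hdr) // 8 * 8          # largest multiple of 8 that still fits
    if max_payload <= 0:
        raise ValueError("MTU too small to carry even one 8-byte block")
    data = packet["payload"]
    base = packet.get("offset", 0)              # non-zero when fragmenting a fragment again
    fragments = []
    for start in range(0, len(data), max_payload):
        chunk = data[start:start + max_payload]
        last = start + len(chunk) == len(data)
        fragments.append({
            "ident": packet["ident"],
            "offset": base + start // 8,        # Fragment offset field, in 8-byte units
            "more_fragments": (not last) or packet.get("more_fragments", False),
            "payload": chunk,
        })
    return fragments


def reassemble(fragments: list):
    """Rebuild the original payload on the target host.

    Returns None while pieces are still missing (last fragment not seen, or a hole),
    so the caller keeps waiting; duplicate copies of a fragment are tolerated.
    """
    if not fragments:
        return None
    if len({f["ident"] for f in fragments}) != 1:
        raise ValueError("fragments of different packets mixed together")
    by_offset = {f["offset"]: f for f in fragments}        # drops duplicates
    ordered = [by_offset[k] for k in sorted(by_offset)]
    if ordered[-1]["more_fragments"]:
        return None                                         # the final fragment has not arrived
    buf = bytearray()
    for frag in ordered:
        if frag["offset"] * 8 != len(buf):
            return None                                     # hole: a middle fragment is missing
        buf.extend(frag["payload"])
    return bytes(buf)
```

A 3072-byte payload behind a 20-byte header crosses a 1500-byte link as three fragments of 1480, 1480 and 112 bytes with offsets 0, 185 and 370; if the first of those later crosses a 576-byte link it is split again, and the host still reassembles everything because the offsets stay absolute.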

Figure 3.8: The IP header

• Version (V): field of 4 bits that represents the IP version
• IHL: field of 4 bits that represents the length of the header (in bytes)
• Type of service: reserved/priority of the required service
• Total length: the total length in bytes of the complete IP packet
• Identification: if an IP packet has to be divided, then each packet gets a unique identification so that all packets can be merged back correctly on the receiving side
• Flags: the flags are used to follow up the fragmentation of the packets
• Fragment offset: when a data packet is divided, the position of the fragment in the entire packet, given as an 8-bit unit
• Time to live (TTL): every time an IP packet passes a router, this value is reduced by 1. If this number is 0, then the relevant router will reject this message. This avoids that a message can exist forever.
• Protocol: the higher level protocol is represented here:
  01h ICMP
  06h TCP
  11h UDP
• Header Checksum: a check value for the IP header. Every router will recalculate this header checksum.
• Source IP address: IP address of the sending participant
• Destination IP address: IP address of the receiving participant
• Options: other network information can be included in the IP header. If the options data do not end on a 32-bit word, then the rest is filled with padding zeroes.
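An added Python example (not the course's code) that builds the 20-byte header, decodes the fields listed above, verifies the header checksum and performs the per-router step of decrementing the TTL and recomputing the checksum. Field sizes follow RFC 791, where the IHL counts 32-bit words and the fragment offset counts 8-byte units; the protocol numbers are the three from the course's table, and the addresses are constructed samples.

```python
"""Build, check and forward an IPv4 header (added example, not the course's code).
Field sizes follow RFC 791: IHL counts 32-bit words, the fragment offset counts
8-byte units, and the checksum covers the header only. The protocol numbers are
the ones in the course's table (01h ICMP, 06h TCP, 11h UDP)."""
import struct

PROTOCOLS = {0x01: "ICMP", 0x06: "TCP", 0x11: "UDP"}
HDR_FMT = "!BBHHHBBH4s4s"   # ver/IHL, TOS, total len, ident, flags+offset, TTL, proto, checksum, src, dst


def internet_checksum(data: bytes) -> int:
    """One's-complement of the one's-complement sum of all 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64, ident: int = 0) -> bytes:
    """Minimal 20-byte header (IHL = 5 words, no options) with a valid checksum."""
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    hdr = struct.pack(HDR_FMT, (4 << 4) | 5, 0, 20 + payload_len, ident, 0, ttl, proto, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]


def parse_header(pkt: bytes) -> dict:
    """Decode the fixed fields and verify the checksum (a valid header sums to zero)."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, total_len, ident, flags_off, ttl, proto, _csum, src, dst = struct.unpack(HDR_FMT, pkt[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5 or len(pkt) < ihl * 4:
        raise ValueError("not a valid IPv4 header")
    return {
        "version": version,
        "header_len": ihl * 4,
        "tos": tos,
        "total_len": total_len,
        "ident": ident,
        "dont_fragment": bool(flags_off & 0x4000),
        "more_fragments": bool(flags_off & 0x2000),
        "frag_offset": flags_off & 0x1FFF,
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, "0x%02x" % proto),
        "checksum_ok": internet_checksum(pkt[:ihl * 4]) == 0,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
    }


def router_forward(pkt: bytes):
    """What each router does: drop on a bad checksum or an expiring TTL, otherwise decrement
    the TTL and recompute the header checksum. Returns the forwarded packet or None (a real
    router would also send ICMP Time Exceeded when the TTL runs out)."""
    info = parse_header(pkt)
    if not info["checksum_ok"] or info["ttl"] <= 1:
        return None
    hlen = info["header_len"]
    hdr = bytearray(pkt[:hlen])
    hdr[8] -= 1                                   # TTL byte
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", internet_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[hlen:]
```

Because the checksum is recomputed at every hop, a packet whose header was corrupted in transit fails the check at the next router and is discarded there, exactly the silent drop the ICMP section later describes.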

3.2.8 IPv6

General

The most recent IP protocol that is discussed in this chapter has version number 4 (IPv4). The great success of the IP protocol results in the need for a new version. There is a pressing shortage of IP addresses and furthermore it is also important that new functionalities can be integrated in a simple way. Moreover, a new version of the IP protocol has to be able to guarantee a higher performance. However, as many IPv4 design features as possible are retained, as these have made this version so successful. Some features of IPv6 are discussed below.

Currently, the automation world is not interested in the integration of IPv6. There is also a practical problem: how will the publicly accessible Internet that functions on IPv4 switch to IPv6? The easiest way is the so-called dual-stack approach. This means the implementation of IPv6 and IPv4 on the nodes. These nodes can process IPv4 as well as IPv6 datagrams.

IP address

IPv6 uses IP addresses of 128 bits. This creates extensive addressing options. The new addressing has to result in smaller routing tables. With the introduction of IPv6, addresses become 128 bits long: 8 groups of 4 hexadecimal digits, in hexadecimal notation separated by colons:

2000:0000:0000:0FED:CBA9:8765:4321
2000::FED:CBA9:8765:4321

IPv4 addresses: ::192.20.32.46

IPv6 header

The IP header is completely changed. A number of IPv4 fields are deleted or are only still available as an option. A simpler basic header in combination with the option to integrate optional headers has to ensure that the header-processing time for the router is greatly reduced.

Figure 3.9: IPv6 header

The fields in the IPv6 header:

• Version field: this 4-bit field indicates the IP version number. For IPv6, this is value 6.
• Flow label: a 20-bit identification number to distinguish a packet in a data stream
• Payload length field: this 16-bit number is an unsigned integer that indicates the number of bytes in the IPv6 datagram following the standard header with a length of 40 bytes
• Next header: defines the type of the first optional header
• Hop limit: the number of routers that can process a certain packet is limited

As the transport layer (TCP and UDP) and data link layer (e.g. Ethernet) protocols on the Internet calculate checksums, the designers of IPv6 have decided that the calculation of checksums on the internet layer is no longer necessary.

3.3 Transmission Control Protocol (TCP)

3.3.1 Introduction

IP is a connectionless packet delivery service. For many applications it is essential that a transport system offers reliability: the system has to guarantee that data are not lost, are not duplicated and arrive in the right order. TCP has a difficult task: using the unreliable packet service of IP, it has to provide a reliable data delivery service to different application programmes. The exchange form of TCP is known as connection oriented: a logical connection is established, used and then stopped again.

3.3.2 End-to-end transport service

The TCP protocol is responsible for the correct sending of information over one or more networks. From the TCP point of view, the complete Internet is a communication system that can accept and deliver messages without changing or interpreting the content. TCP sees IP as a mechanism with which TCP on a certain host can exchange data with TCP on a remote host. TCP is therefore an end-to-end protocol. Figure 3.10 shows why TCP is an end-to-end protocol.

Figure 3.10: TCP as end-to-end transport protocol

3.3.3 How reliability is achieved

TCP is a library with routines that applications can use when they want to start a reliable communication with another participant or host. TCP uses different techniques to guarantee complete reliability.

Three-way handshake: in order to guarantee that connections are made and ended in a reliable way, TCP uses a three-way handshake in which three messages are exchanged, also see figure 3.11. TCP uses the term synchronisation segment (SYN segment) for the messages in a three-way handshake that is used for setting up the connection, and the term FIN segment for the messages in a three-way handshake with which a connection is closed.

Figure 3.11: Three-way handshake

Resending datagrams: when TCP receives data, it sends an acknowledgement to the sender. Every time that TCP sends data it starts a timer. If the timer ends before the confirmation was received, then the sender sends the data again.

Window mechanism to organise the data stream: when a connection is made, each end of the connection reserves a buffer for the incoming and outgoing data and sends the size of the buffer to the other end. The available buffer space at a given moment is called the window, and the notification that specifies its size is called the window advertisement. A receiver sends a window advertisement with every acknowledgement. If the receiving application can read the data as fast as they arrive, then the receiver sends a positive window advertisement with every confirmation. When the sending end, however, works faster than the receiving end, then the incoming data will eventually fill the buffer of the receiver. This results at a certain moment in a zero window advertisement from the receiver. A sender that receives a zero window advertisement has to stop sending until the receiver sends a positive window advertisement again. This is discussed in further detail elsewhere in the chapter.
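The retransmission timer and the window advertisement described above, as an added simulation in Python (not code from the course). The segment size, the timer value, the receiver buffer sizes and the loss pattern are constructed for the demonstration; the receiver discards out-of-order data instead of buffering it and re-advertises its window as soon as its application frees space, which are simplifications of real TCP.

```python
"""Simulation of two TCP reliability mechanisms from this section: acknowledgement with
a retransmission timer, and the window advertisement that stops a fast sender when the
receiver's buffer is full. Added example, not code from the course; segment size, timer
value and the loss pattern are constructed for the demonstration."""

SEG_SIZE = 100                   # payload bytes per segment (assumption)
RTO = 3                          # retransmission timeout, in simulation steps (assumption)
SAMPLE = bytes(range(256)) * 4   # constructed 1024-byte message


def run_transfer(data: bytes, receiver_buffer: int, app_read_per_step: int, lose_first_send=()):
    """Transfer `data`; returns (bytes delivered to the receiving application, event list).

    receiver_buffer    size of the receive buffer that is advertised as the window
    app_read_per_step  bytes the receiving application reads per step (small = slow reader)
    lose_first_send    sequence numbers whose first transmission is lost by the network
    Events recorded: ("lost", seq), ("retransmit", seq), ("zero_window", step).
    """
    events = []
    lose_first_send = set(lose_first_send)
    rcv_buf = bytearray()       # received, in order, not yet read by the application
    rcv_next = 0                # next sequence number the receiver expects
    delivered = bytearray()
    snd_una = 0                 # oldest unacknowledged byte
    snd_nxt = 0                 # next byte to send
    window = receiver_buffer    # window last advertised by the receiver
    inflight = {}               # seq -> (segment, step of last transmission)
    step = 0

    def advertise():
        """Receiver: every acknowledgement carries the free buffer space as the window."""
        return rcv_next, receiver_buffer - len(rcv_buf)

    def receive(seq, seg):
        """Receiver: accept only the next in-order segment that fits in the buffer."""
        nonlocal rcv_next
        if seq == rcv_next and len(rcv_buf) + len(seg) <= receiver_buffer:
            rcv_buf.extend(seg)
            rcv_next += len(seg)
        return advertise()      # out-of-order or duplicate data is discarded (simplification)

    def process_ack(ack, adv_window):
        """Sender: discard acknowledged segments, then obey the advertised window."""
        nonlocal snd_una, window
        for seq in [s for s in inflight if s + len(inflight[s][0]) <= ack]:
            del inflight[seq]
        snd_una = max(snd_una, ack)
        if adv_window == 0 and window != 0:
            events.append(("zero_window", step))
        window = adv_window

    while snd_una < len(data):
        step += 1
        if step > 10_000:
            raise RuntimeError("transfer did not complete")
        # the receiving application drains part of its buffer
        n = min(app_read_per_step, len(rcv_buf))
        delivered.extend(rcv_buf[:n])
        del rcv_buf[:n]
        if n and window == 0:
            process_ack(*advertise())           # positive window advertisement: sender may resume
        # retransmission timer: resend every segment whose timer expired
        for seq in list(inflight):
            if seq not in inflight:
                continue
            seg, sent_at = inflight[seq]
            if step - sent_at >= RTO:
                events.append(("retransmit", seq))
                inflight[seq] = (seg, step)
                process_ack(*receive(seq, seg))
        # send new data as long as the window allows it
        while snd_nxt < len(data):
            seg = data[snd_nxt:snd_nxt + SEG_SIZE]
            if (snd_nxt - snd_una) + len(seg) > window:
                break
            seq, snd_nxt = snd_nxt, snd_nxt + len(seg)
            inflight[seq] = (seg, step)
            if seq in lose_first_send:
                lose_first_send.discard(seq)
                events.append(("lost", seq))    # the timer keeps running; no ACK will come
                continue
            process_ack(*receive(seq, seg))
    return bytes(delivered + rcv_buf), events
```

With a 300-byte buffer and an application that reads 100 bytes per step, the receiver advertises a zero window after every third segment and the sender pauses; with a large buffer and one lost segment, everything sent after the loss is discarded as out of order and resent after the timer expires, yet the delivered data are intact in both cases.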

3.3.4 The TCP segment

The data to be sent are transmitted by the application layer to the transport layer. The transport layer packs the information in the data field and then adds a TCP header. The whole is then transmitted to the internet layer for further processing. The sending of information by means of the TCP protocol takes place on the basis of TCP segments.

Figure 3.12: Building of a TCP segment

In order to get a good idea of the functions of the TCP protocol, the TCP header is further explained. Figure 3.12 shows the different fields within the TCP header. The header consists of 20 bytes.

• Source, Destination Port: for the different upper-layer applications. TCP is accessible via different port numbers. A port is a unique 16-bit address. The use of port numbers is essential to build up a communication between the different applications. The combination of a port and an internet address is called a socket, in accordance with the original definition of a socket as defined by ARPA (1971). This course also includes table 3.6, which gives an overview of often used ports within automation.
• Sequence number: every byte of TCP has a number. The sequence number is the number of the first data byte in the TCP segment after the TCP header.
• Acknowledgement number: this field contains the next sequence number that is expected from the partner.
• Header Length: length of the TCP header in 32-bit words
• Code bits: different bits with which a number of statuses can be included:
  – the SYN bit that is used to start a communication
  – the RST bit to initialise the communication again
  – the FIN bit that is used to indicate that a communication can be ended
  – the URG bit has to be set in order to include urgent information in a TCP packet
• Window: the window field indicates the maximum number of data bytes that can be sent before a confirmation is sent and received.
• Checksum: a check value of the TCP packet
• Urgent Pointer: the value indicates where in the data field the urgent information starts.
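An added Python example (not the course's code) that builds and decodes the header fields listed above, including the code bits, and verifies the TCP checksum. The layout is the RFC 793 one with a 20-byte header and no options; the checksum is computed over a pseudo-header that contains both IP addresses, which is why the parser needs them too. Ports and addresses are the constructed values used elsewhere in this chapter.

```python
"""Build and decode a TCP segment header (added example, not the course's code).
Layout per RFC 793: ports, sequence and acknowledgement numbers, header length in
32-bit words plus the code bits, window, checksum and urgent pointer. The checksum
covers a pseudo-header with both IP addresses, so both are needed to verify it."""
import socket
import struct

FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
TCP_FMT = "!HHIIHHHH"     # sport, dport, seq, ack, offset+flags, window, checksum, urgent pointer


def internet_checksum(data: bytes) -> int:
    """One's-complement sum folded to 16 bits, then inverted (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """Source, destination, zero, protocol 6 and TCP length; used only for the checksum."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, tcp_len)


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window, payload=b"", urgent=0):
    """20-byte header (no options) plus payload; `flags` is a list such as ["SYN"] or ["ACK", "PSH"]."""
    unknown = set(flags) - FLAGS.keys()
    if unknown:
        raise ValueError("unknown code bits: %s" % sorted(unknown))
    offset_flags = (5 << 12) | sum(FLAGS[f] for f in flags)        # 5 words = 20 bytes
    hdr = struct.pack(TCP_FMT, sport, dport, seq, ack, offset_flags, window, 0, urgent)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, len(hdr) + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def parse_segment(src_ip: str, dst_ip: str, seg: bytes) -> dict:
    """Decode the header fields and verify the checksum of a received segment."""
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, urgent = struct.unpack(TCP_FMT, seg[:20])
    header_len = (off_flags >> 12) * 4
    if header_len < 20 or header_len > len(seg):
        raise ValueError("invalid header length")
    return {
        "sport": sport,
        "dport": dport,
        "seq": seq,
        "ack": ack,
        "header_len": header_len,
        "flags": [name for name, bit in FLAGS.items() if off_flags & bit],
        "window": window,
        "urgent_pointer": urgent,
        "checksum_ok": internet_checksum(pseudo_header(src_ip, dst_ip, len(seg)) + seg) == 0,
        "payload": seg[header_len:],
    }


def next_expected_ack(segment: dict) -> int:
    """Acknowledgement number the receiver answers with: SYN and FIN each count as one byte."""
    consumed = len(segment["payload"]) + ("SYN" in segment["flags"]) + ("FIN" in segment["flags"])
    return segment["seq"] + consumed
```

The pseudo-header ties the segment to its IP addresses: the same bytes delivered to a different destination address fail the check, which is how TCP catches a segment that IP misdelivered.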

3.4 UDP

The protocol suite of the Internet also has a connectionless transport protocol, namely UDP (User Data Protocol). UDP is described in RFC 768. With UDP, applications can send IP packets without setting up a connection. Many Client Server applications that have one request and one answer use UDP instead of having to set up a connection and cancel it again later on. UDP is more or less a zero protocol: the only services that it provides are a checksum for the data and the multiplexing of applications via port numbers. A typical example of UDP is real-time audio: losing data packets is a shame but has no influence on the further functioning of the application.

A UDP segment consists of a header of 8 bytes followed by the data. The UDP header is thus much simpler than the TCP header. The header consists of:

• Source port (2 bytes): port number of the sender; this is equal to zero if no port is used.
• Destination port (2 bytes): port of the application to which this message is destined.
• Length (2 bytes): the length in bytes of the UDP header and the encapsulated data.
• Checksum (2 bytes)

Figure 3.13: The UDP segment

3.6 Communication over TCP(UDP)/IP

3.6.1 Client Server model

An internet (TCP/IP) ensures a general communication infrastructure without specifying what services can be used. TCP/IP provides a basic communication service, but this protocol software is not capable of making or accepting contact with a remote participant. Therefore, two application programmes have to be used for each communication. One application starts the communication and the other accepts it. There is, however, one significant problem: the protocol software cannot tell an application programme at all that a request for communication has arrived. The communication between two participants will therefore be based on a model where one application is active (interaction requests) while the other is passive (listening and possibly accepting). Such a model is currently only applied to communication between two different hosts over TCP/IP and is called the Client Server model: a Server application waits passively for contact while the Client application starts the communication actively.

Features of Client software:

• Is an application programme that temporarily becomes a Client when remote access to a computer is required, but that also carries out local calculations and operations
• Is directly started by the user and is only carried out for one session
• Runs locally on the user's PC
• Establishes active contact with a Server
• If necessary, can access several Servers, but establishes active contact with one Server at a time
• Does not require special hardware or an advanced control system

Features of Server software:

• Is a specially designed application programme that supplies one specific service but can handle different Clients at the same time
• Is automatically activated when a system starts and remains active for many sessions
• Waits passively until random, remote Clients look for contact
• Requires some powerful hardware and an advanced control system (depends on the application type)

3.6.2 Endpoint and Internet socket

Figure 3.15 shows a Client Server communication over the TCP/IP stack. Several Clients and Servers can be active at the same time on computer systems. It is important here that every application is identified unambiguously, although the computer on which several applications run only has one physical connection with the Internet. For this reason, transport protocols give each communication service a unique name. TCP uses protocol port numbers. A specific protocol port number is assigned to each Server. The Server waits passively for communication via this port number. When sending a request, the Client mentions the port number of the required service. The TCP software on the Server's computer uses the destination port number in an incoming message to determine which Server has to handle the request.

Figure 3.15: Client Server model over TCP/IP

Endpoint
The endpoint concept and socket concept can sometimes be confusing. The original definition of a socket according to ARPANET is the combination of the IP address and the port number. This combination is now called an endpoint. An endpoint describes via which logical way an application can be accessed via an internet.

Internet socket
The term socket is today only a software term. A socket organises the folders and the links of an application on the endpoint. This results in the Internet socket concept, also called network socket, or socket in short. An Internet socket is a bi-directional communication endpoint for a process to process connection and is defined by:

• The protocol
  – UDP protocol: datagram sockets or connectionless sockets
  – TCP protocol: stream sockets or connection-oriented sockets
  – raw IP packet (e.g. ICMP): raw sockets
• Local IP address
• Local protocol port number
• Remote IP address
• Remote protocol port number

Figure 3.16: Endpoint and socket concepts

3.6.3 Dynamic Servers

A computer system on which several application programmes can run at the same time is said to be a system that supports concurrency. A programme that has more than one control thread (process or task, or thread in short) is called a concurrent programme. Concurrency is essential for the Client Server interaction model, as a concurrent Server can serve several Clients at the same time; otherwise a Client has to wait for other Clients to finish. Most concurrent Servers work dynamically: the server creates a new thread and a new process for every request that is received. In principle, a Server consists of two parts. The first part accepts the requests and starts a new thread for each request. This first part is called the main thread. The second part consists of the code that can handle every individual request. When a concurrent Server starts, only the main thread runs. When a request is received, the main thread produces a new thread that handles the request. Meanwhile, the main thread keeps the Server active and waits for the next incoming request.

3.6.4 Unambiguous communication

If several threads of a Server are active, then it is important that the incoming messages of a Client are linked to the correct Server thread. TCP requires from every Client that it selects a local protocol port number that is not allocated yet to a service. Every Client that sends a TCP segment will place this local port number in the source port field. The protocol port number of the Server is then placed in the destination port field. TCP uses the combination of the protocol port numbers and the IP addresses to identify a certain communication on the Server's computer. This way, messages from several Clients can be received on the same Server without causing any problems. In short, every (Internet) socket has to be unique. Figure 3.17 shows how unambiguous communication is set up when two Clients on the same PC set up a remote connection with the same Server.

Figure 3.17: Client Server model over TCP/IP

The communication between Client 1 and the Server is characterised by the following socket:

• Protocol: TCP
• SP: 4444
• DP: 80
• SA: 172.23.2.101
• DA: 172.23.1.51

The communication between Client 2 and the Server is characterised by the following socket:

• Protocol: TCP
• SP: 4400
• DP: 80
• SA: 172.23.2.101
• DA: 172.23.1.51

It is enough that one of the parameters is different in order to assign a unique identification to both connections.
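The concurrent-server structure of section 3.6.3 and the unique sockets of section 3.6.4, as an added Python example (not code from the course). A server on the loopback interface accepts connections in its main thread and hands each one to a new thread; two clients on the same host then connect, and the five values that identify each socket are read back from the operating system. The port numbers are chosen by the OS at run time, so nothing is assumed about the machine beyond a working loopback interface.

```python
"""A concurrent TCP server and two clients on the loopback interface, showing how TCP
tells the two connections apart (added example; not from the course). Port numbers are
chosen by the operating system, so nothing else on the machine is touched."""
import socket
import threading


def socket_tuple(local, remote):
    """The five values that identify one Internet socket in this chapter."""
    return ("TCP", local[0], local[1], remote[0], remote[1])


def run_concurrent_server(num_clients: int = 2) -> list:
    """Start a server, connect `num_clients` clients from the same host, return what each saw."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: the OS picks a free protocol port
    srv.listen(5)
    server_port = srv.getsockname()[1]
    workers = []

    def handle(conn, peer):
        """Second part of the server: one thread per request, answered with the client's port."""
        with conn:
            request = conn.recv(1024)
            conn.sendall(b"from port %d: " % peer[1] + request)

    def main_thread():
        """First part of the server: accept passively and hand each connection to a new thread."""
        for _ in range(num_clients):
            conn, peer = srv.accept()
            worker = threading.Thread(target=handle, args=(conn, peer))
            worker.start()
            workers.append(worker)

    acceptor = threading.Thread(target=main_thread)
    acceptor.start()

    records = []
    for i in range(num_clients):
        with socket.create_connection(("127.0.0.1", server_port), timeout=5) as client:
            local, remote = client.getsockname(), client.getpeername()   # client endpoint, server endpoint
            client.sendall(b"hello %d" % i)
            reply = client.recv(1024)
        records.append({"socket": socket_tuple(local, remote), "reply": reply})

    acceptor.join(timeout=5)
    for worker in workers:
        worker.join(timeout=5)
    srv.close()
    return records


if __name__ == "__main__":
    for record in run_concurrent_server():
        print(record["socket"], record["reply"])
```

Both connections share the protocol, the local address and the remote endpoint; only the local port differs, which is exactly the one parameter that the text says is enough to keep the two sockets unique.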

3.6.5 Status of a socket

A TCP socket can be in the listening status. When a Server waits for a remote Client to request a communication, the socket data are intended for the Server:

• Protocol: TCP
• SP: 80
• DP: 0
• SA: 172.23.1.51
• DA: 0.0.0.0

A TCP socket can have the following statuses:

• listening
• established
• Syn-sent
• Syn-Recv
• Fin-wait1
• Fin-wait2
• Time-wait
• Close-wait
• Closed

A UDP socket cannot be in established status. A UDP Server cannot create new threads for every other Client. The main process processes incoming data packets in sequence, via the same local UDP socket.

3.6.6 Connection-oriented communication and connectionless communication

Transport protocols support two basic communication forms: connection-oriented (TCP) and connectionless (UDP). Clients and Servers can use both basic forms for their communication. If a Client uses TCP for a connection-oriented communication, then this Client has to ask TCP first to start a connection with another application. After the connection is established, the two applications can exchange data. TCP closes the connection after the two applications end the communication. The alternative is a connectionless communication whereby an application can send a message at any moment to any destination. An application that uses UDP can send a series of messages whereby each message is sent to another destination.
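The socket statuses listed in section 3.6.5, driven through the three-way handshake and the FIN exchange of section 3.3.3, as an added Python state machine (not code from the course). The state names are the course's; "Last-ack" is the RFC 793 state of the side that closes second, which the course's list omits, and the events are either local calls or the code bits of a received segment.

```python
"""State machine for one TCP socket, driven by the three-way handshake and the FIN
exchange (added example, not from the course). State names are those listed in the
text; "Last-ack" is the RFC 793 state of the side that closes second, which the course
list omits. Events are either local calls (listen, connect, close, timeout) or the code
bits of a received segment (SYN, SYN+ACK, ACK, FIN, RST)."""

TRANSITIONS = {
    # (state, event): (next state, segment to send back or None)
    ("Closed", "listen"):         ("listening", None),
    ("Closed", "connect"):        ("Syn-sent", "SYN"),
    ("listening", "SYN"):         ("Syn-Recv", "SYN+ACK"),
    ("Syn-sent", "SYN+ACK"):      ("established", "ACK"),
    ("Syn-Recv", "ACK"):          ("established", None),
    ("established", "close"):     ("Fin-wait1", "FIN"),      # active close
    ("established", "FIN"):       ("Close-wait", "ACK"),     # passive close
    ("Fin-wait1", "ACK"):         ("Fin-wait2", None),
    ("Fin-wait2", "FIN"):         ("Time-wait", "ACK"),
    ("Close-wait", "close"):      ("Last-ack", "FIN"),
    ("Last-ack", "ACK"):          ("Closed", None),
    ("Time-wait", "timeout"):     ("Closed", None),          # the 2*MSL wait has expired
}


class TcpEndpoint:
    def __init__(self, name: str):
        self.name = name
        self.state = "Closed"
        self.history = ["Closed"]

    def event(self, ev: str):
        """Apply one event; returns the segment this side sends in response, if any."""
        if ev == "RST":                      # RST aborts the connection from any state
            new_state, reply = "Closed", None
        elif (self.state, ev) in TRANSITIONS:
            new_state, reply = TRANSITIONS[(self.state, ev)]
        else:
            raise ValueError("%s: unexpected %s in state %s" % (self.name, ev, self.state))
        self.state = new_state
        self.history.append(new_state)
        return reply


def exchange(first: TcpEndpoint, second: TcpEndpoint, ev: str) -> list:
    """Deliver `ev` to `first`; whatever it sends goes to `second`, and so on until silence.
    Returns the segments that crossed the network, in order."""
    sender, receiver = first, second
    segment = sender.event(ev)
    wire = []
    while segment is not None:
        wire.append(segment)
        sender, receiver = receiver, sender
        segment = sender.event(segment)
    return wire


def run_connection():
    """Full life cycle: handshake, client closes first, server closes, client leaves Time-wait."""
    client, server = TcpEndpoint("client"), TcpEndpoint("server")
    server.event("listen")
    handshake = exchange(client, server, "connect")
    closing = exchange(client, server, "close") + exchange(server, client, "close")
    client.event("timeout")
    return client.history, server.history, handshake, closing


if __name__ == "__main__":
    for line in run_connection():
        print(line)
```

The side that closes first passes through Fin-wait1, Fin-wait2 and Time-wait; the other side sits in Close-wait until its own application closes. A segment that does not fit the current state raises an error here, whereas a real implementation answers it with RST, the bit the text describes as re-initialising the communication.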

Chapter 4

Extension protocols and network applications

4.1 ARP

4.1.1 Introduction

The IP address is a virtual address which is processed by software. No LAN hardware or WAN hardware can set a relationship between the NetID of an IP address and a network, or between the HostID of an IP address and a host. In order to transport an IP packet, these data have to be wrapped in a frame that can be delivered by the local hardware to the right participant. This frame also has to contain the hardware addresses of the sender and the receiver.

4.1.2 Address Resolution Protocol (ARP)

If the IP protocol wants to send a message over Ethernet, then, besides the IP address of the destination, the MAC address of the destination also has to be known. For this reason, the TCP/IP protocol suite contains an Address Resolution Protocol (ARP). ARP defines two basic message types: a request and a reply. A request message contains an IP address and asks for the corresponding hardware address, the MAC address. The reply contains the IP address that was included in the request and the hardware address. It is obviously hopelessly inefficient to first send an ARP request for every IP packet to be sent. For this purpose, the ARP protocol will temporarily store all information which is received in a table.

Figure 4.1: The ARP cache
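The request/reply exchange and the temporary table described above, as an added Python example (not the course's code). The packet layout is the RFC 826 one for Ethernet over IPv4 (28 bytes); the "LAN" is a constructed dictionary of hosts that all see the broadcast request, and the cache ages its bindings out after a configurable number of seconds, as the text describes. All addresses are constructed sample values.

```python
"""ARP request/reply encoding and a small ARP cache with ageing (added example, not the
course's code). The packet layout is the RFC 826 one for Ethernet/IPv4 (28 bytes); the
addresses below are constructed sample values."""
import struct

HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"   # hw type, proto type, hw len, proto len, op, sender MAC/IP, target MAC/IP


def mac_bytes(mac: str) -> bytes:
    return bytes(int(part, 16) for part in mac.split(":"))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(part) for part in ip.split("."))


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                       mac_bytes(sender_mac), ip_bytes(sender_ip), mac_bytes(target_mac), ip_bytes(target_ip))


def parse_arp(pkt: bytes) -> dict:
    htype, ptype, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    fmt_mac = lambda b: ":".join("%02x" % x for x in b)
    fmt_ip = lambda b: ".".join(str(x) for x in b)
    return {"op": op, "sender_mac": fmt_mac(smac), "sender_ip": fmt_ip(sip),
            "target_mac": fmt_mac(tmac), "target_ip": fmt_ip(tip)}


def answer_request(pkt: bytes, my_ip: str, my_mac: str):
    """What a host does with a received ARP request: reply only when the target IP is its own."""
    req = parse_arp(pkt)
    if req["op"] != OP_REQUEST or req["target_ip"] != my_ip:
        return None
    return build_arp(OP_REPLY, my_mac, my_ip, req["sender_mac"], req["sender_ip"])


def broadcast_request(hosts: dict, sender_ip: str, sender_mac: str, target_ip: str):
    """Constructed LAN: every host in `hosts` (ip -> mac) sees the broadcast; at most one answers."""
    req = build_arp(OP_REQUEST, sender_mac, sender_ip, "00:00:00:00:00:00", target_ip)
    for ip, mac in hosts.items():
        reply = answer_request(req, ip, mac)
        if reply is not None:
            return reply
    return None


class ArpCache:
    """IP -> MAC bindings that expire after `ttl` seconds, as the text describes."""

    def __init__(self, ttl: float = 120.0):
        self.ttl = ttl
        self.entries = {}          # ip -> (mac, expiry time)

    def learn(self, ip: str, mac: str, now: float):
        self.entries[ip] = (mac, now + self.ttl)

    def lookup(self, ip: str, now: float):
        """Return the MAC or None; an expired binding is removed, which forces a new request."""
        entry = self.entries.get(ip)
        if entry is None:
            return None
        mac, expires = entry
        if now >= expires:
            del self.entries[ip]
            return None
        return mac


def resolve(cache: ArpCache, ip: str, now: float, send_request):
    """Resolve via the cache first; on a miss, send a request (callback) and learn the reply.
    Returns (mac or None, whether a request had to be sent)."""
    mac = cache.lookup(ip, now)
    if mac is not None:
        return mac, False
    reply = send_request(ip)
    if reply is None:
        return None, True
    info = parse_arp(reply)
    cache.learn(info["sender_ip"], info["sender_mac"], now)
    return info["sender_mac"], True
```

Note that the cache learns whatever reply arrives without any check of who sent it; that is the property behind ARP cache poisoning, and the reason switches offer dynamic ARP inspection and administrators pin static entries for critical hosts such as the default gateway.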

ARP manages this table like a cache: a small table with a limited number of bindings that are overwritten all the time or are deleted again after a period (a few minutes). Figure 4.1 shows how a current overview of the ARP cache is obtained with the DOS command arp -a. Figure 4.2 shows the use of ARP in Wireshark (Wireshark is a packet sniffer and protocol analyser, a programme that is used to retrieve and analyse data on a computer network).

Figure 4.2: ARP reply in Wireshark

The RARP protocol does the reverse. It sends a request with a hardware address. This results in a reply with the looked up IP address.

4.2 BootP and DHCP

4.2.1 Introduction

During the start of a host, a number of issues have to be configured before this host can actively participate in the network traffic. Every host has to obtain an IP address, the applied subnet mask, the IP address of the default gateway (this is the router that links the local network to other networks and to the Internet) and any data with regard to the DNS server (see also in this chapter). These data can be recorded statically in a host or can be assigned dynamically to a host. In this part is discussed how certain data can be configured automatically during the start-up. The start-up process is also known by the name bootstrapping.

4.2.2 BootP

The Bootstrap protocol is added to the TCP/IP suite to combine a number of dynamic configuration steps into one step. In order to obtain configuration information, the BootP protocol sends a request broadcast message. A broadcast address consisting only of '1's is sent as target address, and a source address consisting only of '0's. BootP uses an IP packet although the participant does not have an IP address yet. A BootP server recognises this message and returns a BootP reply message with all required information to the requesting participant. The BootP server can use the hardware address to send the reply. BootP simplifies the configuration, but the problem remains that a BootP server retrieves its information from a database that the administrator has to update manually.

4.2.3 DHCP

The IETF has developed the Dynamic Host Configuration Protocol (DHCP) to further automate the configuration. DHCP is a protocol that can assist a host on a new network without manual intervention of an administrator. It is a Client Server protocol. The client is a new host that requests the IP data. One or more DHCP servers will be present per network and these can assign these data. Figure 4.3 shows the different steps during the automated configuration of a host. For a new host, the DHCP protocol consists of four steps:

• DHCP discover message: a Client sends a UDP message via port 67, packed in an IP packet, in order to trace a DHCP server. A broadcast destination address (255.255.255.255) is used and 0.0.0.0 is assigned as source address.
• DHCP offer message: a DHCP server replies to the Client. This answer contains an IP address, a subnet mask and a lease time for the IP address.
• DHCP request message: the host chooses from the various offers and replies to the chosen server with a request message that contains the configuration parameters.
• DHCP ACK message: the server replies with a confirmation.

Figure 4.3: DHCP protocol

4.2.4 DHCP Relay Agent - DHCP option 82

DHCP Relay Agent is a bootstrap protocol that can send DHCP messages between clients and servers for DHCP over various IP networks. In other words, a DHCP server can also serve a network to which it is not directly connected, via a DHCP Relay Agent. A DHCP Relay Agent looks out for broadcast messages from DHCP clients on the network via the familiar bootpc (67) client port. These messages are converted into unicast messages and they are then forwarded to the configured DHCP server. To do this, the DHCP Relay Agent fills in the "giaddr" field in these messages with its own IP address. The DHCP server can then send the reply as a unicast message to the Relay Agent. The Relay Agent then sends the reply either via a broadcast message or via a unicast message on the client's network.
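The relay agent's handling of giaddr, and the Circuit ID / Remote ID pair of option 82 that this subsection describes, as an added Python example (not the course's code). The fixed 236-byte BOOTP header, the magic cookie and the option codes follow RFC 2131/2132 and the option 82 sub-option codes (1 = Circuit ID, 2 = Remote ID) follow RFC 3046; the transaction id, MAC address, relay address and identifiers are constructed samples.

```python
"""DHCP message encoding with a relay agent that fills in giaddr and adds option 82
(added example, not the course's code). The fixed 236-byte BOOTP header, the magic
cookie and the option codes follow RFC 2131/2132; the option 82 sub-options (1 = Circuit
ID, 2 = Remote ID) follow RFC 3046. Addresses and identifiers are constructed samples."""
import socket
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])
OPT_PAD, OPT_MSG_TYPE, OPT_RELAY_AGENT, OPT_END = 0, 53, 82, 255
DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK = 1, 2, 3, 5
SUBOPT_CIRCUIT_ID, SUBOPT_REMOTE_ID = 1, 2
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
FIXED_FMT = "!BBBBIHH4s4s4s4s16s64s128s"


def build_dhcp(op, xid, chaddr: bytes, msg_type, yiaddr="0.0.0.0", giaddr="0.0.0.0", options=()):
    """Assemble header + cookie + options; `options` is a list of (code, value bytes)."""
    fixed = struct.pack(FIXED_FMT, op, 1, len(chaddr), 0, xid, 0, 0x8000 if op == BOOTREQUEST else 0,
                        socket.inet_aton("0.0.0.0"), socket.inet_aton(yiaddr), socket.inet_aton("0.0.0.0"),
                        socket.inet_aton(giaddr), chaddr.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    body = bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return fixed + MAGIC_COOKIE + body + bytes([OPT_END])


def parse_options(raw: bytes) -> list:
    """TLV options up to the END marker; PAD bytes have no length field."""
    opts, i = [], 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        length = raw[i + 1]
        opts.append((code, raw[i + 2:i + 2 + length]))
        i += 2 + length
    return opts


def parse_dhcp(pkt: bytes) -> dict:
    fields = struct.unpack(FIXED_FMT, pkt[:236])
    if pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options = parse_options(pkt[240:])
    info = {
        "op": fields[0], "hops": fields[3], "xid": fields[4],
        "ciaddr": socket.inet_ntoa(fields[7]), "yiaddr": socket.inet_ntoa(fields[8]),
        "siaddr": socket.inet_ntoa(fields[9]), "giaddr": socket.inet_ntoa(fields[10]),
        "chaddr": ":".join("%02x" % b for b in fields[11][:fields[2]]),
        "msg_type": None, "option82": None, "options": options,
    }
    for code, value in options:
        if code == OPT_MSG_TYPE:
            info["msg_type"] = value[0]
        elif code == OPT_RELAY_AGENT:       # sub-options use the same TLV form (codes start at 1)
            subs = dict(parse_options(value + bytes([OPT_END])))
            info["option82"] = {"circuit_id": subs.get(SUBOPT_CIRCUIT_ID), "remote_id": subs.get(SUBOPT_REMOTE_ID)}
    return info


def relay_forward(pkt: bytes, relay_ip: str, circuit_id: bytes, remote_id: bytes) -> bytes:
    """Relay agent: set giaddr (if still empty), count the hop, append option 82, forward as unicast."""
    hdr = bytearray(pkt[:236])
    if hdr[24:28] == b"\x00\x00\x00\x00":         # giaddr: only the first relay fills it in
        hdr[24:28] = socket.inet_aton(relay_ip)
    hdr[3] += 1                                    # hops
    sub = (bytes([SUBOPT_CIRCUIT_ID, len(circuit_id)]) + circuit_id
           + bytes([SUBOPT_REMOTE_ID, len(remote_id)]) + remote_id)
    options = parse_options(pkt[240:]) + [(OPT_RELAY_AGENT, sub)]
    body = b"".join(bytes([c, len(v)]) + v for c, v in options)
    return bytes(hdr) + MAGIC_COOKIE + body + bytes([OPT_END])


def server_reply_target(request: dict) -> str:
    """Where the server sends its reply: unicast to the relay agent when giaddr is set, else broadcast."""
    return request["giaddr"] if request["giaddr"] != "0.0.0.0" else "255.255.255.255"
```

The server sees the client's hardware address in chaddr, the relay that forwarded the message in giaddr and the switch port behind it in option 82, which is the information the text says it can use to decide which address to assign; a relay that receives an already-relayed message leaves giaddr alone and only increments the hop count.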

DHCP option 82 is a DHCP Relay Agent Information Option. This option has been developed so that a DHCP Relay Agent network can add specific information to a message that it forwards to a DHCP server. Here the option uses two associated pieces of data: Circuit ID and Remote ID. This information may be used to indicate where an assigned IP address is physically located in the network. This information is heavily dependent on the DHCP Relay Agent and for Ethernet-based networks it consists of the MAC addresses of the ports on the Relay Agent that form the link with the end host. The DHCP server must obtain this information about the location of the host that is sending the request. This information can also be used by the DHCP server when deciding on the assignment of a specific IP address.

4.3 ICMP

4.3.1 Introduction

Data packets can get lost in the IP communication service, their delivery can be greatly delayed, or they can be delivered in the wrong order. IP is not a reliable communication service, but it tries to avoid errors and reports any problems when they occur. A primary example of error detection is the header checksum. Every time a data packet is received, the checksum is checked to make sure that the header is not damaged. If a checksum error is observed, then this message is discarded straight away. No message is produced in this case, as the source address is deleted together with the message. Other, less serious problems may be reported though.

4.3.2 Internet Control Message Protocol

The TCP/IP protocol suite contains a protocol, the Internet Control Message Protocol (ICMP), to send error messages. Such a message is sent to the host that has created the IP packet. This way it can be reported if a certain network feature is not available or if a certain host or router is not available. Sometimes a computer user gets in touch directly with the ICMP protocol, especially when using the network diagnosis commands ping and traceroute. ICMP has five error messages and four informative messages. The five ICMP error messages are:

• Source quench: this is sent by a router if it is temporarily short of buffer space and therefore has to discard incoming IP packets. The sending host will have to adapt the transmission speed.
• Destination unreachable: this is sent by a router if it notices that an IP packet cannot reach its destination. The error message distinguishes between a situation whereby a complete network is temporarily delinked from the Internet (if a certain router is not functioning correctly) and the case where a certain host is temporarily offline.
• Redirect: this is sent by a router if it notices that the IP packet actually has to be sent to another router to reach the final destination.
• Time exceeded: this is sent by a router after the Time to live field has been reduced to zero.

• Fragmentation required: this is sent by a router if it notices that an IP packet is greater than the MTU (Maximum Transmission Unit) of the network over which the IP packet has to be sent.

4.3.3 ICMP message

The ICMP protocol is a supporting protocol for the IP protocol. It uses IP packets to send messages. Figure 4.4 shows how an ICMP message is encapsulated in a data frame. An ICMP error message is always produced as a reply to a certain IP packet. It is always returned to the source of that IP packet.

Figure 4.4: Encapsulation of an ICMP message

The different fields in the ICMP header are:

• TYPE:
• Code:
• Checksum:
• Identifier:
• Sequence number:

4.3.4 Check accessibility of a host

Many tools retrieve information over a network by sending test messages and then waiting for the ICMP replies. One of the most important diagnosis tools is the ping programme. The ping programme (to be entered as DOS command) sends IP packets via ICMP to another participant to check if this host can be reached via the network. The target host has to send these small packets back immediately (as an echo). Moreover, ICMP also defines four informative messages:

• Echo request/reply: an echo request can be sent to any host. In return, an echo reply is sent. The answer contains the same data as the request.
• Address mask request/reply: a host sends an address mask request when it is started. A router replies with a message that contains the correct subnet mask that is used on the network.

Figure 4.5: Ping command

Figure 4.5 shows the result of ping www.google.be. The IP address or the host name can be used. Quite a few suitable options are possible. An overview of all options is obtained if the ping command is entered as such. A statistical summary of the percentage of small packets for which no reply is given and the response time are also displayed.

4.3.5 Trace a route

Whereas the ping programme is only used to check if a certain host is accessible, the tracert command will show the route to a certain host. Figure 4.6 shows in which way a tracert command displays the IP addresses of all routers that receive the test packet and return it.

Figure 4.6: Tracert command

Tracert first sends a test packet with a time to live value of 1. The first router reduces this value to 0, discards the message and returns an ICMP error message. This way, the IP address of the first router can be displayed. Next a test message is sent with a time to live value of 2. The first router reduces this value and forwards the message. The second router will set the time to live value to 0, discards the message and sends back an ICMP Time Exceeded message. This way, the IP address of the second router is known. This procedure is continued until the final host is reached.
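The ping and tracert procedures of sections 4.3.4 and 4.3.5, together with the echo message format of section 4.3.3, as an added Python simulation (not the course's code). The ICMP type numbers are the RFC 792 values; the chain of routers is a constructed list and the addresses beyond the local gateway are RFC 5737 documentation addresses, so the code runs without any network access.

```python
"""ICMP echo messages plus a simulation of how ping and tracert use them (added example,
not the course's code). Message types are the RFC 792 values; the router chain and the
addresses are constructed (RFC 5737 documentation addresses for the far side)."""
import struct

ECHO_REPLY, DEST_UNREACHABLE, SOURCE_QUENCH, REDIRECT, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 4, 5, 8, 11


def internet_checksum(data: bytes) -> int:
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(msg_type: int, ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Type, code 0, checksum, identifier, sequence number, data (the header fields of 4.3.3)."""
    hdr = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    csum = internet_checksum(hdr + payload)
    return hdr[:2] + struct.pack("!H", csum) + hdr[4:] + payload


def parse_echo(msg: bytes) -> dict:
    msg_type, code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    return {"type": msg_type, "code": code, "ident": ident, "seq": seq,
            "payload": msg[8:], "checksum_ok": internet_checksum(msg) == 0}


def echo_reply_for(request: bytes) -> bytes:
    """The target host answers an echo request with a reply carrying the same data."""
    req = parse_echo(request)
    return build_echo(ECHO_REPLY, req["ident"], req["seq"], req["payload"])


def send_probe(path: list, destination: str, ttl: int, down=frozenset(), host_up: bool = True) -> dict:
    """Push one packet through the routers in `path`. Each router decrements the TTL; the one
    that brings it to 0 discards the packet and answers with Time Exceeded. A router in `down`
    makes the previous hop answer Destination Unreachable; an offline host does the same at the end."""
    previous = "source"
    for router in path:
        if router in down:
            return {"type": DEST_UNREACHABLE, "from": previous, "code": 0}   # network unreachable
        ttl -= 1
        if ttl == 0:
            return {"type": TIME_EXCEEDED, "from": router, "code": 0}
        previous = router
    if not host_up:
        return {"type": DEST_UNREACHABLE, "from": previous, "code": 1}       # host unreachable
    return {"type": ECHO_REPLY, "from": destination, "code": 0}


def traceroute(path, destination, max_hops=30, **network):
    """tracert: probes with TTL 1, 2, 3, ... until something other than Time Exceeded comes back."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = send_probe(path, destination, ttl, **network)
        hops.append(reply["from"])
        if reply["type"] != TIME_EXCEEDED:
            return hops, reply["type"]
    return hops, None


def ping(path, destination, count=4, lost=frozenset(), **network):
    """ping: `count` echo requests with a normal TTL; probes listed in `lost` get no answer."""
    received = 0
    for seq in range(count):
        if seq in lost:
            continue
        if send_probe(path, destination, 64, **network)["type"] == ECHO_REPLY:
            received += 1
    return {"sent": count, "received": received, "lost_percent": 100 * (count - received) // count}
```

The list returned by traceroute is the sequence of senders of the Time Exceeded messages, one per TTL value, ending with whoever finally answered; a failed router shows up as the previous hop repeating itself with a Destination Unreachable, which is the pattern to look for in a real tracert output.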

4.4 IGMP

4.4.1 Introduction

IGMP (Internet Group Management Protocol) is the protocol for IP multicast applications on TCP/IP networks. Multicast messages are sent to one address (multicast IP address) but are processed by several hosts. The collection of participants that listen to one specific multicast IP address is called a multicast group. This standard is defined in RFC 1112. Besides the definition of address and host extensions for the support of multicasting by IP hosts, this RFC also contains a definition of version 1 of IGMP. IGMP version 2 is defined in RFC 2236. Both versions of IGMP offer a protocol with which information about the membership of a host in specific multicast groups can be exchanged and updated. Some important aspects of multicasting:

• The membership of a group is dynamic: hosts can enter or leave a group at any moment.
• Hosts can join multicast groups by sending IGMP messages.
• There is no restriction with regard to the size of groups. The different participants can be spread out over several networks, on condition that the intervening routers support IGMP.
• Hosts that do not belong to a certain group can send IP messages to that group.

4.4.2 IGMP messages

IGMP describes how the information about the membership status is exchanged between routers and the different participants of multicast groups. The IGMP protocol is a supporting protocol for the IP protocol. It uses IP packets to send messages. Figure 4.7 shows how an IGMP message is encapsulated in a data frame. Some IGMP messages:

• Host membership report: is sent if a host becomes a member of a multicast group and informs all other members of the group by way of this message. A router saves these reports and in this way guarantees the maintenance of the multicast group.
• Host membership query: is sent by routers to periodically poll the group members in a network. All members of a group reply once again with a membership report. Routers retain all information and ensure that no multicast messages are sent on networks where no members of the group are present.
• Leave group: this message is sent by a host that is the last one of a group within a certain network segment to leave the group.

.255.4.0 up to and including 239. A switch can send multicast messages immediately to the correct ports in this way and thus ensures that multicast messages do not put a needless strain on a network.0. The addresses within the range 224.255.x.3
IGMP snooping
A switch that connects a member from a multicast group with a router can read IGMP messages and evaluate by means of IGMP snooping.0.x. For private networks it is recommended to use multicast IP addresses in the range 239.x. This is opposed to the static use of multicasting whereby the groups in all switches and for all ports have to be conﬁgured manually. Multicast MAC addresses are also reserved. A switch can store multicast MAC addresses this way in its multicast ﬁlter table.Extension protocols and network applications
68
Figure 4. For switches.4.0. The time to live value of such IP packets is set to 1 so that such messages continue to be available on the network.255 are reserved for multicast applications within one network.4
Multicast addresses
Multicast IP addresses are class D addresses that lie in the range 224. All addresses for which the ﬁrst byte is equal to 01h are available for multicasting.1 up to and including 224. IGMP snooping translates multicast IP addresses in multicast MAC addresses.7: Encapsulation of an IGMP message
4. Addresses that start with the value 01:00:5E:0 are multicast MAC addresses that are used for IP multicasting.255.0. this is also called the dynamic use of multicasting.
4.0.0.

4.5 GMRP

4.5.1 IEEE 802.1p

Company networks are becoming ever larger and more complex. It is essential for growing network traffic to be managed efficiently. Here Quality of Service is an important tool for ensuring that the most critical data are delivered in the most predictable way. IEEE 802.1p defines a 3-bit field within a tagged Ethernet frame. This defines a priority level between 0 and 7, so as to be able to differentiate the network traffic. Thanks to the IEEE 802.1p protocol, switches can process network traffic in order of priority. Predictability and reliability of network traffic are thereby improved. The IEEE 802.1P standard also provides measures for filtering multicast messages so that they are not needlessly broadcast via Layer 2-based networks. These include GMRP (GARP Multicast Registration Protocol). GMRP and GARP are commercial protocols defined by IEEE 802.1P.

4.5.2 GMRP processing

GMRP processes multicast group addresses on Layer 2 (MAC layer). GMRP is used together with IGMP, and Layer 2 data frames are created from the Layer 3 IGMP messages. GMRP runs both on the switch and on the hosts. On the host, membership of a group is requested with the GMRP messages. A switch receives both the Layer 2 GMRP messages and the Layer 3 IGMP ones. When the switch receives the GMRP join message, it will add the port on which it received this message to the relevant multicast group. The switch forwards the membership request message to all the other participants in the VLAN, which of course also includes the multicast source. When the source sends a multicast message to the group, the switch forwards this message only to the members of this group. This way, the switch restricts the data traffic in the VLAN group in which the sending host is located. GMRP periodically sends queries. If a participant wishes to remain a member of a group, it sends a reply to the switch. A participant who no longer wishes to remain a member of the group can send a leave message or not reply at all. If the switch does not receive a reply or it receives a leave message from a specific host, it will delete this participant from the list.

4.6 DNS

4.6.1 Introduction

There are two important ways to indicate a host on the Internet. Besides the already mentioned IP address, it is also possible to give a participant a host name (a symbolic name), which is generally easier to use. Host names, such as www.google.be (search engine) and gaia.cs.umass.edu (computer networks research group of the University of Massachusetts, Amherst), are easier to remember and therefore more user-friendly. A host name, however, does not provide enough information about the location of that host within the Internet. A link has to be established between host names and IP addresses, as users tend to use the host name whereas the TCP/IP protocols are based on IP addressing. The Domain Name System (DNS) provides a solution to this problem. Dr. Paul V. Mockapetris and Jon Postel are the inventors of the Domain Name System. In 1983, they set up a DNS architecture in RFC 882 and RFC 883. In summary, DNS stands for:
• A distributed database which is implemented in a hierarchy of DNS servers
• An application layer protocol with which hosts and DNS servers can communicate during the translation session (conversion from an IP address to a host name and vice versa).
The DNS servers are often Unix machines on which the Berkeley Internet Name Domain (BIND) software or Microsoft DNS software is run. The DNS protocol works with UDP and uses port 53.

4.6.2 The structure of a host name

With regard to syntax, every host name consists of a series of alphanumerical segments that are separated by dots. Domain names have a hierarchical structure whereby the most significant part of the name is located to the right. The leftmost segment is the name of the individual host. The other segments in a domain name identify the group that is the owner of the name. DNS does not prescribe how many segments a domain name has to contain. DNS issues the values for the most significant segment. Table 4.1 gives an overview of all names for the most significant part of a domain name.

Table 4.1: Names for the most significant part of a domain name

Domain name    Allocated to
com            commercial organisation
edu            educational institute
gov            government body
mil            military group
net            network supporting centre
org            other organisations
int            international organisation
country code   a country, e.g. be for Belgium

4.6.3 Functioning of the DNS protocol

Introduction
When an application (e.g. a web browser) on the host of a user has to convert a host name into an IP address, this application calls the client component of DNS with the host name that has to be translated. The DNS client component on the user host then takes over and sends a request message to the network. All DNS request- and reply messages are sent in UDP segments to port 53. After a delay (which can vary from a few milliseconds to a few seconds), the DNS client component on the user host receives a DNS reply message with the requested reference. This reference is then transmitted to the application. This way, DNS is (from the perspective of the application on the user host) a black box that provides a simple, uncomplicated translation service. In fact, the service that supplies the black box is very complex and consists of a great number of DNS servers, located all over the world, and an application layer protocol that determines how the DNS servers and the requesting hosts communicate with each other.

A simple design for DNS would consist of one DNS server that contains all references. In this centralised design, all clients would only have to send their requests to that one DNS server, and this server would process all requests. Although the simplicity of this design is attractive, this solution is unsuitable for the current Internet with its enormous (and fast increasing) number of hosts.

A distributed, hierarchical database
There is no DNS server that contains all references for all hosts on the Internet. The references are divided over the DNS servers. DNS uses a great number of DNS servers (located all over the world) in a hierarchical structure. At first, there were three classes of DNS servers:
• Root DNS servers
• Top level domain (TLD) DNS servers
• Verifying (authoritative) DNS servers
A DNS client first contacts one of the root servers, which returns IP addresses of TLD servers for the top level domain, for example com. The client then contacts one of these TLD servers, which returns the IP address of a verifying server. Finally, the client contacts one of the verifying servers, which returns the IP address of the host name.

Root DNS server
On the Internet, there are only 13 root DNS servers (indicated with the letters A-M), of which most are set up in North America. Although the 13 root DNS servers are each indicated as one server, each server consists in fact of a cluster of replicated servers (for reasons of security and reliability).

Top level domain (TLD) server
These servers are responsible for top level domains such as com, net, org, edu and all country top level domains such as be, nl, fr, jp.

Verifying DNS server
Every organisation which has hosts (on the Internet) that the public can access (such as a web server and mail server) is obliged to supply DNS data in which the names of these hosts are linked to IP addresses. These DNS data are stored on the verifying DNS server. An organisation can choose to implement a verifying DNS server with these data by itself, but it can also ask a service provider (Telenet for example) to store these data, for a fee, on their verifying DNS server. Most universities and large companies implement and manage their own primary and secondary (as back-up) verifying DNS server.

The root-, TLD- and verifying DNS servers all belong to the hierarchy of DNS servers. There is still another important type of DNS server, the local DNS server. Strictly speaking, a local DNS server has no place in the hierarchy, but it is of vital importance to the DNS structure. Every ISP (Internet Service Provider) has a local DNS server (also called standard DNS server or default name server). When a host wants to make a connection with an ISP, the ISP gives the host the IP addresses of one or more of its local DNS servers (mostly by means of DHCP).
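The three-step lookup of section 4.6.3 (root server, TLD server, verifying server) as an added example that is not part of the course text: a local DNS server is modelled as an iterative resolver that follows referrals down a constructed, in-memory hierarchy. The server names, the 192.0.2.x addresses and the delegations are made up for the demonstration and nothing is sent on the network; a bounded number of referral steps protects the resolver against a delegation loop.

```python
# Added example, not from the course text: simulation of the iterative lookup
# root -> TLD -> verifying (authoritative) server over a constructed hierarchy.
from dataclasses import dataclass, field


@dataclass
class NameServer:
    name: str
    referrals: dict = field(default_factory=dict)  # zone -> names of servers responsible for it
    records: dict = field(default_factory=dict)    # host name -> IP address (authoritative data)

    def query(self, host: str):
        """Reply with ('answer', ip), ('referral', [servers]) or ('nxdomain', None)."""
        if host in self.records:
            return "answer", self.records[host]
        # the longest zone that ends the name is the most specific delegation
        zones = [z for z in self.referrals if host == z or host.endswith("." + z)]
        if zones:
            return "referral", self.referrals[max(zones, key=len)]
        return "nxdomain", None


def resolve(host: str, servers: dict, root_servers: list, max_steps: int = 8):
    """What a local DNS server does for its clients: start at a root server and
    follow referrals down the hierarchy until an authoritative answer arrives.
    Returns (ip_or_None, list_of_servers_asked)."""
    host = host.rstrip(".").lower()
    path, next_servers = [], list(root_servers)
    for _ in range(max_steps):
        server = servers[next_servers[0]]      # a real resolver would try several of them
        path.append(server.name)
        kind, data = server.query(host)
        if kind == "answer":
            return data, path
        if kind == "nxdomain":
            return None, path
        next_servers = data                    # referral: ask the next level down
    raise RuntimeError("too many referrals for %s" % host)   # guards against delegation loops


# Constructed hierarchy (all names and addresses are made up): 13 root servers
# named A-M, two TLD servers and two verifying servers.
ROOT_SERVERS = ["%s.root" % c for c in "abcdefghijklm"]
SERVERS = {name: NameServer(name, referrals={"be": ["tld.be"], "edu": ["tld.edu"]})
           for name in ROOT_SERVERS}
SERVERS["tld.be"] = NameServer("tld.be", referrals={"google.be": ["ns.google.be"]})
SERVERS["tld.edu"] = NameServer("tld.edu", referrals={"umass.edu": ["ns.umass.edu"]})
SERVERS["ns.google.be"] = NameServer("ns.google.be", records={"www.google.be": "192.0.2.10"})
SERVERS["ns.umass.edu"] = NameServer("ns.umass.edu", records={"gaia.cs.umass.edu": "192.0.2.20"})


def lookup(host: str):
    """Resolve `host` against the constructed hierarchy."""
    return resolve(host, SERVERS, ROOT_SERVERS)


if __name__ == "__main__":
    for name in ("www.google.be", "gaia.cs.umass.edu", "www.unknown.be"):
        ip, path = lookup(name)
        print(name, "->", ip, "via", " -> ".join(path))
```

The returned path makes the hierarchy visible: a name under .be is answered after asking a root server, the be TLD server and the verifying server of the domain, while a name nobody is responsible for stops at the last server that has no delegation for it.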
4.7 SNMP

4.7.1 Introduction

SNMP stands for Simple Network Management Protocol. This protocol describes a structured way of safeguarding and managing a certain network infrastructure. SNMP is designed to be a simple protocol.

SNMPv1: In 1990, the SNMP protocol was defined in RFC 1157. Rather quickly, this protocol was implemented on a large scale in commercial products and it became the de facto standard for network management.

SNMPv2: With the experience gained, an improved version of SNMP was written in 1993 in RFC 1441 and RFC 1452 (co-existence between v1 and v2), to become the Internet standard in the end.

SNMPv3: The third version of the Internet Standard Management Framework (SNMPv3) is derived from and based on the previous versions, SNMPv1 and SNMPv2. SNMPv3 is therefore SNMPv2 supplemented by security and administration. The main features of SNMPv3 consist of:
• security
  – authentication and privacy
  – access control
• administration
  – user names and key management
  – designation of participants
  – policies

On a network, there are many interesting active participants that contain important status information for network management. Such participants can be hubs, switches, routers, printers or PCs. In order to be managed directly by SNMP, a node should be able to run an SNMP management process, an SNMP agent. All computers comply with this requirement, as well as many hubs, switches, routers and peripherals that have been designed for network use. Every agent keeps a local database with variables that represent its situation and history and influence its functioning. The network management is carried out from management stations: in fact normal computers on which special management software is run. These stations contain one or more processes that communicate with agents via the network, whereby they give orders and receive replies. Many management stations have a graphical user interface so that the network administrator can check the network status and take action accordingly. In this set-up, all intelligence lies in the management stations, so that the agents are kept as simple as possible and the load on the devices on which they run is kept to a minimum.

Figure 4.9: Managers and agents on a network
4.7.2 SNMP structure

The SNMP framework consists of three essential components:
• the MIB (Management Information Base (RFC1213)) is the description of all variables that a certain network element contains.
• SMI (Structure of Management Information (RFC 1155)) is the structure for the storage of the network information.
• SNMP (RFC1157) is the communication protocol between the manager and a network participant.

Most existing networks are mixed products, with hosts of one or more manufacturers, hubs, switches and routers from other companies and printers from a different company. In order to make it possible that a management station (possibly from another supplier again) can talk with all these various components, the type of information that is maintained by all these devices has to be strictly specified. It is useless if the management station asks a router what its frequency of lost packets is when the router does not update this frequency. Therefore, SNMP describes the exact information that every type of agent has to maintain and the format in which the agent has to supply this information. The main part of the SNMP model is the definition of who has to maintain what and how this information has to be transmitted. In short, it comes down to this: every device maintains one or more variables (objects) that describe the device status. The collection of all possible objects in a network can be found in the data structure called MIB (Management Information Base). The SNMP protocol itself describes how the interaction between the management station and the agents is set up. Five different message types are defined here.

4.7.3 The MIB and SMI

Figure 4.10: MIB is a database which contains all variables for network management

The collection of objects that is managed by SNMP is deﬁned in the MIB and represented in ﬁgure 4.10. For sake of convenience, these objects are divided into different groups. These categories are meant to provide a basis for what a management station has to cover.

• The group System gives the manager the opportunity to figure out how the device is called, who has made it, which hardware and software it contains, where it is located and what it has to do. The timestamp of the last boot is also specified.


Figure 4.11: MIB tree structure

• The group Interfaces is responsible for the network adapters. It keeps track of how many packets and bytes are sent and received through the network, how many are discarded, how many broadcasts there are and how long the current output queue is.

• The group IP is responsible for IP traffic to and from the node. It has several counters in which the number of packets that are discarded for various reasons is updated. Statistics are also available about the fragmentation and reassembly of datagrams. All these items are very important for the management of routers.

• The group ICMP relates to IP error messages. There is a counter for every ICMP message type in which the number of messages of that type observed is updated.

• The TCP group registers the actual number of opened connections, sent and received segments and various statistics about errors.

• The UDP group counts the number of sent and received UDP datagrams and also updates the number of received datagrams which were returned to the sender due to an unknown port or for another reason.

• The last group is intended for the collection of statistics about the functioning of SNMP itself: the number of messages which were sent, the type of messages, etc.


Every variable, every object from the MIB, is characterised by an object identifier (OID) and its type:

• The OID describes a path in the MIB tree structure. Figure 4.11 shows the structure of the MIB as used for SNMP. The object sysObjectID, which is part of the system group, can be accessed via OID 1.3.6.1.2.1.1.2.0.

• Object types are built by means of fundamental types that are identified in the SMI.

Different MIBs are available. First of all, the global MIBs are described in RFCs. MIB-2 is described in RFC1213, for example. Such MIBs have to be supported by all SNMP compatible devices. On the other hand, there are also manufacturer-specific MIB objects.
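The OID given above, 1.3.6.1.2.1.1.2.0, does not travel inside an SNMP message as a dotted string but in ASN.1 BER form. The following added example (my own code, not from the course text or any SNMP library) encodes and decodes that form: the first two arcs are combined into one subidentifier (40 * 1 + 3 = 43 = 0x2B), every subidentifier is written in base 128 with a continuation bit, and the decoder refuses truncated or unterminated input, which is the check a management station needs when it parses replies from an agent it does not fully trust. The enterprise-style OID 1.3.6.1.4.1.9999 used in the test is a constructed value chosen only because its last arc needs two bytes.

```python
# Added example, not from the course text: BER encoding and decoding of an
# SNMP object identifier such as 1.3.6.1.2.1.1.2.0 (sysObjectID.0).
OID_TAG = 0x06  # ASN.1 universal tag for OBJECT IDENTIFIER


def _encode_subid(value: int) -> bytes:
    # base 128, most significant group first, continuation bit 0x80 on all but the last byte
    groups = [value & 0x7F]
    value >>= 7
    while value:
        groups.append((value & 0x7F) | 0x80)
        value >>= 7
    return bytes(reversed(groups))


def _encode_length(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])                      # short form
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw      # long form


def encode_oid(oid: str) -> bytes:
    """Dotted OID string -> TLV bytes (tag, length, subidentifiers)."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    if len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("not a valid object identifier: %s" % oid)
    body = _encode_subid(arcs[0] * 40 + arcs[1])   # the first two arcs share one subidentifier
    for arc in arcs[2:]:
        body += _encode_subid(arc)
    return bytes([OID_TAG]) + _encode_length(len(body)) + body


def _decode_length(data: bytes, pos: int):
    if pos >= len(data):
        raise ValueError("missing length")
    first = data[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4 or pos + 1 + n > len(data):
        raise ValueError("bad length encoding")
    return int.from_bytes(data[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def decode_oid(data: bytes) -> str:
    """TLV bytes -> dotted OID string; raises ValueError on malformed input."""
    if not data or data[0] != OID_TAG:
        raise ValueError("not an OBJECT IDENTIFIER")
    length, pos = _decode_length(data, 1)
    body = data[pos:pos + length]
    if length == 0 or len(body) != length:
        raise ValueError("truncated OID")
    if body[-1] & 0x80:
        raise ValueError("unterminated subidentifier")
    subids, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if value >= 1 << 32:
            raise ValueError("subidentifier exceeds 32 bits")   # the SMI limits arcs to 32 bits
        if not b & 0x80:
            subids.append(value)
            value = 0
    first = subids[0]
    lead = [0, first] if first < 40 else [1, first - 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in lead + subids[1:])


def is_well_formed_oid(data: bytes) -> bool:
    """True if `data` is a complete, correctly terminated OID encoding."""
    try:
        decode_oid(data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    encoded = encode_oid("1.3.6.1.2.1.1.2.0")
    print(encoded.hex(), "->", decode_oid(encoded))
```

The encoded sysObjectID.0 is 06 08 2B 06 01 02 01 01 02 00: the tag, a length of eight, and the eight subidentifier bytes that follow.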

4.7.4 SNMP protocol

The normal use of SNMP is that the management station sends a request to an agent, either a request for information or the order to update the status in a certain way. In the ideal case, the agent only replies with the requested information or confirms that the status has been updated as requested. SNMP defines the different messages that can be sent.

Table 4.2: SNMP messages from manager to agent

Message            Description
Get request        Requests the value of one or more variables
Get next request   Requests the variable after the current one
Get bulk request   Retrieves a large amount of information
Set request        Updates one or more variables
Inform request     Message between managers that describes the local MIB

In one specific case, the agent itself can take the initiative to send a message, and this is done the moment an agent observes a certain critical event. Managed nodes can drop out and reboot, network segments can drop out and start up again, etc. Every relevant event is defined in a MIB module. When an agent observes that a relevant event has occurred, it immediately reports this event to all management stations in its configuration list. This message is called an SNMP trap. The message mostly only states that some sort of event has occurred. It is then the task of the management station to carry out requests to find out the details.

Table 4.3: SNMP messages from agent to manager

Message      Description
SNMP trap    Message about an event from agent to manager

Figure 4.12 shows that SNMP messages use the UDP protocol and the ports which are used for this purpose.

Figure 4.12: SNMP communication

4.8 HTTP and HTTPS

4.8.1 TLS/SSL

Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL), is an encryption protocol for creating a secure data channel on an insecure network such as the internet. One of its major goals is to make client/server applications secure. The techniques used are based on concepts such as public keys and certificates (see Security section). TLS provides the following safeguards for client/server applications via TCP/IP:
• Authentication: an application is permitted to verify the identity of another application with which it is communicating.
• Integrity: applications detect whether data have been amended during transmission.
• Privacy: data that are transferred between applications cannot be misused or read.

Both protocols form part of the TCP/IP protocol suite. They run one layer below the application protocols such as HTTP, FTP and SMTP, and above the TCP transport protocol. On the sending side the TLS layer encrypts data from the application and forwards it to the correct TCP port. On the receiving side, TLS reads the data from the correct TCP port, decrypts the data and sends it to the application. It is the task of the record layer to transfer the data. If an application uses SSL/TLS, a handshake procedure is first initiated in which the encryption algorithm and the keys to be used are agreed and the client verifies the server. The execution and monitoring of this handshake procedure are carried out by the upper sub-layers of the protocol. Once this procedure has been completed, all the application data are encrypted. This makes it difficult for an outsider to intercept the data. See figure 4.13.

Figure 4.13: SSL TLS layer

4.8.2 HTTP

HTTP (HyperText Transfer Protocol) is the protocol for the communication between a web client (a web browser) and a web server. This protocol is not only used a lot on the World Wide Web but also on local networks. The protocol defines the exact format of the requests that a web browser sends to the server and the format of the responses returned by the web server. Each request contains a URL that refers to a web component or a static object such as a web page. Every http URL begins with 'http://'. The http protocol uses port 80. HTTP is not secure and is vulnerable to man-in-the-middle attacks and eavesdropping.

4.8.3 HTTPS

HTTPS (Hypertext Transfer Protocol Secure) is an extension of the HTTP protocol with the aim to exchange data safely. HTTPS is in principle HTTP with SSL/TLS being used to encrypt the data and to verify the server. When using HTTPS, the data are encrypted. Every URL begins with 'https://'. The protocol uses TCP port 443.

4.9 Overview of some other important applications

4.9.1 FTP

FTP (File Transfer Protocol) is a protocol that facilitates the exchange of files between different hosts. The protocol can transport a file between two totally different systems. It allows the transmission of any file and contains a mechanism with which restrictions can be put on files with regard to ownership and access rights. The protocol hides the details of an individual computer system from the user and is therefore suitable for heterogeneous situations.

4.9.2 TFTP

TFTP (Trivial File Transfer Protocol) is a simplified version of FTP that is often used to provide firmware and configurations to devices like routers, switches, ...
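The three safeguards of section 4.8.1 are only obtained when the client actually asks for them. The following added example (my own code using Python's standard ssl module, not code from the course text) places the setting a client must avoid next to the hardened one: the weak context still encrypts, but it has dropped the authentication safeguard, so the "server" it verifies nothing about may be anyone on the path. The hardened context verifies the certificate against the system trust store, checks the host name and refuses protocol versions below TLS 1.2. The host name in the usage function is a placeholder and nothing is sent on the network unless that function is called.

```python
# Added example, not from the course text: a weak and a hardened TLS client
# configuration, and a report function that states what each one guarantees.
import http.client
import ssl


def weak_client_context() -> ssl.SSLContext:
    """Encrypts, but skips the authentication safeguard: a peer presenting any
    certificate is accepted, so integrity and privacy are only as good as the
    unknown peer. Shown for contrast; not for use outside a test bench."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode may be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Server certificate verified against the system trust store, host name
    checked against the certificate, and anything below TLS 1.2 refused."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_report(ctx: ssl.SSLContext) -> dict:
    """Summarise what a context actually guarantees, for review or unit tests."""
    return {
        "authenticates_server": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "minimum_version": ctx.minimum_version.name,
    }


def https_status(host: str, ctx: ssl.SSLContext, timeout: float = 5.0) -> int:
    """One HTTPS HEAD request on TCP port 443 through the given context.
    With the hardened context the handshake raises ssl.SSLCertVerificationError
    when the server cannot prove its identity, which is the desired outcome."""
    conn = http.client.HTTPSConnection(host, 443, context=ctx, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        return conn.getresponse().status
    finally:
        conn.close()


if __name__ == "__main__":
    for label, ctx in (("weak", weak_client_context()), ("hardened", hardened_client_context())):
        print(label, context_report(ctx))
    # https_status("www.example.invalid", hardened_client_context())  # placeholder host; needs a network
```

A review of client code can apply context_report to every context it finds: any context whose report shows authenticates_server or checks_hostname as False provides privacy against a passive listener only, not against the man-in-the-middle that HTTPS is meant to exclude.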

4.9.3 NTP

NTP (Network Time Protocol) is a protocol with which computers can set their internal clock to the same time as another computer. The protocol has some intelligent functions. NTP is based on the predictability of the network latency. The computer network is hierarchically organised, whereby the computer with the most accurate time source is indicated as 'stratum 0'. The computer systems that derive their time from this computer, via NTP, are by definition 'stratum 1'. An NTP client can use several NTP servers, whereby the NTP client sorts out by itself which server works the best. Based on a number of decision criteria, an NTP client selects a server and synchronises with this server. Minor differences in time between server and client are corrected by the client by having the clock on the client's computer run a bit faster or slower. This means that the difference can be eliminated without jumps in time.

4.9.4 SSH

Secure Shell is located in the application layer of the TCP/IP protocol suite. SSH permits secure login to another computer and the execution of remote commands on the other computer via a shell. SSH replaces older protocols such as telnet and rlogin with a secure version of these. The encryption used makes it difficult for third parties to read the original commands. One major advantage of SSH is that authentication is also possible with the aid of a private/public key pair. With the use of the private key, it is possible to log into any system that recognises the corresponding public key. As a result, SSH applications may be used automatically without the need for a password in the code. The protocol uses TCP port 22.

4.9.5 CLI (Command Line Interface)

If an operating system provides a Command Line Interface, the user can make the system execute one or more tasks by means of a command line. Commands are usually finished with the <enter> key. Once the task has been executed, the user once more has an opportunity to input a subsequent command line. Well-known CLIs include command.com (DOS) and bash (UNIX). In addition to operating systems, there are also other programs that can run with a CLI, for example an FTP client and Microsoft's Telnet Client. Most commercial switches are also configurable via a CLI.

Chapter 5
The switch

5.1 General

The switch is the basic component for the building of an Ethernet-based local network. The various participants of a LAN are linked to each other in an intelligent way by means of switches. A switch has several ports. A host (network participant) can be connected to each port of a switch, or the connection can be made with another switch. This way, a network can be extended in a star-shaped manner. A network segment, a collision domain, starts from every port. Before a data packet is transmitted from one segment to the other segment via a switch, the switch checks the MAC address and on this basis the transport to the other segment takes place or not. The switch is self-learning. A MAC address table is maintained in software for every port. The source address of every incoming message on a certain port is copied to the table. This way, this MAC address table is filled by studying all incoming messages on the relevant segment. Every address is retained for a limited time and is deleted again as soon as a certain time (the hold time) has lapsed. This technique avoids that inactive stations are addressed or that stations are not recognised anymore.

Figure 5.1: The switch is self-learning from the incoming messages

Switches function in accordance with the store-and-forward principle. A store-and-forward switch will first take the complete data frame in, check it for errors and then forward it via the correct port. The latency depends on the message size. The preamble precedes a message. Between the preamble and the Ethernet frame is an interval time, an inter frame gap. This time is equal to the time that is required to place 96 bits on the network. At 100 Mbps this time amounts to 0.960 µs. The theoretical latency for a store-and-forward switch to forward a message with minimum length (64 bytes) at a transmission speed of 100 Mbps is determined with the formula:

TL = TIG (time for inter frame gap) + (64 ∗ 8 ∗ Bit time) [µs]
TL = 0.960 + (64 ∗ 8 ∗ 0.01) = 6.08 µs

The maximum message size is 1518 bytes. This corresponds with the following latency:

TL = 0.960 + (1518 ∗ 8 ∗ 0.01) = 122.4 µs

5.2 Industrial switches

5.2.1 General

For industrial switches, the first distinction is made between two different categories:
• non-managed switches
• web-based managed switches
Nothing can be configured for the first group of switches. Figure 5.2 shows the industrial switch (FL SFN 8TX Gigabit switch) of Phoenix Contact. Some typical technical features of such switches are:
• 10/100/1000 TX, auto negotiation, auto crossing
• Non-managed, no software configuration
• Mounted on DIN rail, redundant power supply, alarm contact
• Temperature range: -25 °C to +60 °C
So nothing has to be configured for the general functioning of the switch. The second group of switches can be configured via a web server. Such an approach is also interesting for diagnosis options of the network.

Figure 5.2: The FL SWITCH SFN 8GT
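The latency formula of section 5.1 as an added example (my own code, not from the course text), generalised to any frame length and link speed: the function reproduces the 6.08 µs and 122.4 µs results for 64 and 1518 bytes at 100 Mbps and also gives the values at 10 and 1000 Mbps, plus the worst-case delay across a chain of cascaded store-and-forward switches, which is the number that matters when judging whether a cyclic automation protocol will meet its deadline. The function names and the single-division form of the calculation are my own.

```python
# Added example, not from the course text: store-and-forward latency
# TL = TIG + frame_bits * bit time, generalised over frame length and speed.
IFG_BITS = 96            # inter frame gap: the time needed to place 96 bits on the network
MIN_FRAME = 64           # bytes, minimum Ethernet frame (without preamble)
MAX_FRAME = 1518         # bytes, maximum untagged Ethernet frame


def bit_time_us(speed_mbps: float) -> float:
    """Duration of one bit in microseconds: 100 Mbps gives 0.01 µs."""
    return 1.0 / speed_mbps


def inter_frame_gap_us(speed_mbps: float) -> float:
    """TIG: 96 bit times, 0.960 µs at 100 Mbps."""
    return IFG_BITS / speed_mbps


def store_and_forward_latency_us(frame_bytes: int, speed_mbps: float = 100.0) -> float:
    """The whole frame must be received before it can be forwarded, so the
    latency grows with the frame size. Computed as one division so that the
    results are exact for the cases in the text."""
    if not MIN_FRAME <= frame_bytes <= MAX_FRAME:
        raise ValueError("frame length %d outside %d..%d bytes" % (frame_bytes, MIN_FRAME, MAX_FRAME))
    return (IFG_BITS + frame_bytes * 8) / speed_mbps


def path_latency_us(frame_bytes: int, hops: int, speed_mbps: float = 100.0) -> float:
    """Worst-case store-and-forward delay across `hops` cascaded switches,
    ignoring queuing behind other traffic (which QoS priorities address)."""
    if hops < 1:
        raise ValueError("at least one switch is needed")
    return hops * store_and_forward_latency_us(frame_bytes, speed_mbps)


def latency_table(speeds=(10.0, 100.0, 1000.0)) -> dict:
    """Minimum- and maximum-frame latency per link speed, in µs."""
    return {s: (store_and_forward_latency_us(MIN_FRAME, s),
                store_and_forward_latency_us(MAX_FRAME, s)) for s in speeds}


if __name__ == "__main__":
    for speed, (lo, hi) in latency_table().items():
        print("%6.0f Mbps: 64 bytes %8.3f us, 1518 bytes %8.3f us" % (speed, lo, hi))
    print("1518 bytes through 5 switches at 100 Mbps: %.1f us" % path_latency_us(MAX_FRAME, 5))
```

Note that a 1518-byte frame through five cascaded switches at 100 Mbps already costs over 600 µs before any queuing, which is why the frame length and the number of switches in a path are part of a real-time network design.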

5.2.2 Technical description of an industrial switch

All potential features of a switch are discussed by means of the technical description of the FL SWITCH SMCS 8GT from the Factory Line of Phoenix Contact. SMCS stands for Smart Managed Compact Switch. This switch is built in conformity with the IEEE 802.3 standard and is used to build up controllable automation networks on Ethernet. Besides the use as a normal standard Ethernet switch, the switch is particularly suitable for Profinet RT and Ethernet/IP applications and supports the management functions that are required for this. The switch supports IGMP snooping for Ethernet/IP. Redundant network structures can be built in accordance with the (Rapid) Spanning Tree Protocol or the Media Redundancy Protocol, regardless of the used topology. Within complete network systems, information can be retrieved from the switch via SNMP. The configuration and diagnosis can take place via a web server and a V.24 (RS232) interface.

Figure 5.3: The FL SWITCH SMCS 8GT

This switch is the type with eight RJ45 ports to which a twisted pair cable can be connected. All ports support 10/100/1000 Mbps. All ports support autonegotiation and autocrossing. The transmission speed is determined per port by the linked network segment. The switch dynamically learns all addresses of the different network participants by evaluating the source address of every incoming message. The switch should be able to store up to 8000 addresses in its MAC address table with an aging time of 40 seconds (default setting on delivery). This time can be set from 10 to 825 seconds via SNMP or web-based management. This means that all addresses that have not been seen for longer than this time are not used anymore and are automatically deleted from the MAC address table.

The SMCS switch is of the store-and-forward type. All datagrams that reach a port of the switch are first stored in a buffer and their validity is checked. Valid data packets are then immediately forwarded via the correct port. Corrupt data packets, i.e. packets that are larger than 1522 bytes, that are smaller than 64 bytes or packets with CRC errors, have to be deleted. This guarantees an optimum functioning of the network.

The switch can obtain an IP address in two different ways: via the BootP protocol or via the serial V.24 interface. On delivery, the allocation of the IP address is set to BootP. The mechanism to allocate an IP address can be changed via web-based management or the V.24 interface. Configuration software is available to give the switch an IP address in a simple way.

Different status LEDs inform the user about the switch status. This enables a local diagnosis without having to use the matching tools.

The switch can be set to smart mode via a MODE button at the front of the module. In smart mode, the switch can be set to another user mode without the use of the management interface. Furthermore, it is possible to reset the switch in smart mode to default settings. The operating mode can be set to default (normal Ethernet switch) or to Profinet IO, via web-based management or in smart mode. The switch can be configured as a Profinet IO device. If the switch is configured as a Profinet IO device, it can be included as a Profinet IO device in the Profinet engineering software. This way a byte of diagnosis information is available per switch port in the engineering software. Profinet engineering software uses this to visually map out network diagnosis.

The switch is equipped with an alarm contact. The alarm contact is floating and closed when the switch functions correctly. This contact should open, in accordance with the functioning of the switch, in the situations described below. The switch carries out a hardware self-test in case of a restart. The alarm contact opens when an error occurs during this self-test. During normal functioning, a watchdog follows the cyclic execution of the software programme. If this watchdog is not triggered cyclically by the software, then the alarm contact will be opened.

The SMCS supports autonegotiation. This enables the switch to automatically detect the parameters of a certain subnet on every port and to apply these parameters on this RJ45 port. These parameters are the applied transmission speed (10, 100 or 1000 Mbps) and the transmission mode (half duplex or full duplex). This automated detection makes manual interventions by the user superfluous. The autonegotiation function can be activated or deactivated via web-based management. The SMCS switch supports autocrossing. This means that no distinction is made any longer between a straight-through cable and a crossed Ethernet twisted-pair cable. When using twisted pair cables where the polarity is wrongly connected (more specifically, RD+ and RD- are reversed), the switch will automatically switch the polarity. This feature is known as auto polarity exchange. The switch checks, at regular intervals, the connected subnets on every port. The link test pulses used, as described in the IEEE 802.3 standard, check the connected TP/TX cables for short circuit or interruption.

The SMCS switch supports the LLDP protocol in conformity with IEEE 802.1ab. The switch sends and receives management- and connection information from neighbouring devices. This way, network architectures can be represented visually or followed up via available software tools.

The switch supports two queues for priority (traffic classes in accordance with IEEE 802.1D). Received data packets are allocated to these queues, depending on their priority. The priority is indicated in the four-byte tag of the data frame; there are three bits in these four bytes that indicate the priority. This ensures that data with a high priority do not get delayed by large quantities of low priority data, and is called Quality of Service.

Different VLANs per port can be set on the switch via the web interface. This means that different logical networks can be created within one physical network. Only connected ports can send data.

The switch supports the Spanning Tree Protocol (STP) and the Rapid Spanning Tree Protocol (RSTP). STP is described in the IEEE 802.1d norm and allows the formation of ring structures or mesh structures in the network topology while preventing endless loops and broadcast storms. Due to the structuring of the mesh, several connection paths can exist between two devices. RSTP also supports mesh. The RSTP Fast Ring Detection function can be activated for the RSTP configuration. For a ring topology, this reduces the recovery time (.50s) by reconnecting the disconnected ports. The SMCS supports the Media Redundancy Protocol (MRP). For a ring topology, a recovery time of 200 to 500 ms is ensured in case of an error.

Via SNMP (Simple Network Management Protocol), the device can be monitored via the network. An SNMP management system has the option to read the configuration data of the device, adapt it and carry out a diagnosis. The following MIBs are supported: RFC1213, SNMPv2 MIB, Etherlike MIB, Iana-addressfamily MIB, IANAifType MIB, Q bridge MIB and the own SNMP objects of Phoenix Contact (FL-SWITCH-M MIB).

With web-based management, complete device information can be requested using the popular Internet Explorer. This means the IP configuration, amongst others. The web interface also provides network- and device information. Furthermore, all configuration parameters can be checked and adapted.

For a local connection, the serial V.24 interface can be used. This interface allows diagnosis and configuration during the start.
84
is indicated in the VLAN tag of the Ethernet frame. BootP (used for the automated allocation of an IP address) can be switched on or off. In case of an overload. This way. Technical data. A VLAN tag in conformity with the IEEE802. Disconnected ports can still receive data but not send data anymore. the IP address and the subnet mask can be set together with the standard gateway. A following interface is the web interface. bridge MIB. the use and in case of an error. The RSTP is a updated version of the STP and can ensure recovery times from 1 to 10s. The resetting of the parameters to their standard default settings is also possible. The function is only possible for 10 or 100 Mbps. the network will recover after a certain time (20. This tag consists of four bytes and can be found in the Ethernet frame between the source address and the ﬁeld type. The parameters can be stored via this interface and the device can be restarted. local diagnosis data and all commands for the serial interface can be requested. some connections are interrupter by the switch. installation data.and ring structures. Faster recovery times can be obtained with the Fast Ring Detection function. different VLANs can be built within a network architecture with such switches. RMON MIB. SNMP-FRAMEWORK MIB. This principle is used by Proﬁnet RT.. In case of a break in the cable.24 interface (RS232). Via this interface. the data with a low priority are not read anymore. the communication takes place via a programme such as HyperTerminal.1Q can be processed by the switch. SNMP
. P bridge MIB. Versions 1 and 2c of SNMP are supported. The cable is connected to the COM port in case of a PC and to a mini-DIN socket in case of a switch. A local connection with the switch can take place via an V. If MIB.
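The 802.1Q tag and the two priority queues described above, as an added example that is not part of the original text or of any Phoenix Contact software: the parser pulls the 3 priority bits (PCP) and the VLAN id out of the 4-byte tag between the source address and the type field, and a small two-queue port model shows low-priority frames being discarded under overload. The frames and the PCP-to-queue split (PCP 4-7 high, 0-3 low) are constructed assumptions.

```python
import struct
from collections import deque
from typing import Optional

TPID_8021Q = 0x8100  # tag protocol identifier that announces an 802.1Q tag


def build_frame(dst: str, src: str, ethertype: int, payload: bytes,
                vid: Optional[int] = None, pcp: int = 0) -> bytes:
    """Build a constructed Ethernet frame; with vid set, a 4-byte 802.1Q tag
    (TPID + TCI) is inserted between the source address and the type field."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vid is not None:
        tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)  # 3 priority bits, DEI=0, 12-bit VID
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Parse the Ethernet header and, if present, the 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "tagged": False, "pcp": 0, "dei": 0, "vid": 0}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("frame too short for an 802.1Q tag")
        tci = struct.unpack("!H", frame[14:16])[0]
        info.update(tagged=True, pcp=(tci >> 13) & 0x7,
                    dei=(tci >> 12) & 0x1, vid=tci & 0x0FFF)
        ethertype = struct.unpack("!H", frame[16:18])[0]  # the real type field follows the tag
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


class TwoQueuePort:
    """Egress port with two traffic classes. Which PCP values go to the high
    queue is an assumption (PCP 4-7 high, 0-3 low); the text only states that
    there are two queues and that low-priority data is not read under overload."""

    def __init__(self, capacity: int):
        self.capacity = capacity
        self.high: deque = deque()
        self.low: deque = deque()
        self.dropped_low = 0

    def enqueue(self, frame: bytes) -> bool:
        info = parse_frame(frame)
        target = self.high if info["pcp"] >= 4 else self.low
        if len(self.high) + len(self.low) >= self.capacity:  # overload
            if target is self.low:
                self.dropped_low += 1  # low priority is not read any more
                return False
            if not self.low:
                return False           # queue full of high-priority frames
            self.low.popleft()         # discard a low-priority frame to make room
            self.dropped_low += 1
        target.append(info)
        return True

    def dequeue(self) -> Optional[dict]:
        """High-priority frames are always sent before low-priority ones."""
        if self.high:
            return self.high.popleft()
        if self.low:
            return self.low.popleft()
        return None


def simulate_overload():
    """Constructed scenario: a port with room for two frames receives two
    low-priority frames and then one high-priority (PCP 6) frame."""
    port = TwoQueuePort(capacity=2)
    pc, plc = "00:11:22:33:44:55", "00:a0:45:01:02:03"  # constructed MAC addresses
    frames = [
        build_frame(plc, pc, 0x0800, b"low1", vid=10, pcp=1),
        build_frame(plc, pc, 0x0800, b"low2", vid=10, pcp=0),
        build_frame(plc, pc, 0x8892, b"rt", vid=10, pcp=6),  # 0x8892 is the PROFINET EtherType
    ]
    accepted = [port.enqueue(f) for f in frames]
    order = []
    while (info := port.dequeue()) is not None:
        order.append((info["pcp"], info["payload"]))
    return accepted, order, port.dropped_low
```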

The function 'Port Mirroring' can also be activated. With this function, it is possible to send all data that are sent via a certain port via another port as well. This is important as errors can be detected this way via a network sniffer. Every port can be activated or de-activated individually. All transmission parameters can be adapted and statistics about the data themselves can be requested via web-based management. The item 'Switch Station' enables the follow-up of all sorts of diagnosis information about the different ports and the alarm contact. The SMCS switch is equipped with a memory plug, FL MEM PLUG, for configuration, software updates and passwords.

Some general technical and mechanical data:
• The device is mounted on a DIN rail.
• The device is 128 mm wide, 110 mm high and 69 mm deep and weighs 650 g.
• The protection class is class 3 VDE 0106, IEC60536.
• The insulation class is IP20 (protects against fixed objects greater than 12 mm, no protection against water) DIN40050, IEC60529.
• Power supply 24 V DC (18.5 V to 30.5 V), which can be effected on a section of maximum 2.5 mm².
• The power consumption is 600 mA (15 W).
• It is possible to provide the device with a redundant power supply.
• The earthing is done via the DIN rail on which the device is mounted.
• The air pressure can be 80 kPa to 108 kPa at 2000 m altitude when functioning and 70 kPa to 108 kPa at an altitude of 3000 m above sea level when stored.
• The switch should work and be stored safely in areas with a humidity between 10% and 95% without condensation.
• The operating temperature ranges from 0 °C to 55 °C and the storage temperature (idle condition) is between -40 °C and 85 °C.

Chapter 6
The router

6.1 Introduction
A router is a device that connects two or more distinct computer networks with each other, for example the Internet and a corporate network. Figure 6.1 shows that a router can be considered as a switching device for data packets that is active in layer 3 of the OSI model.

Figure 6.1: The router and the OSI model

6.2 Routing messages
A message that is sent from one computer to another computer over an internet has to be handled by several routers. A sender will send the IP packet first to a first router. The sender encapsulates the IP packet in a frame with a header in conformity with the physical network on which the sender and the router are linked. Figure 6.2 shows that an IP packet is encapsulated every time in a frame that corresponds with the physical network.

Figure 6.2: An IP packet at the different steps during the route over an internet

When the frame reaches the router, it unwraps the frame and checks the IP packet. The router must now know via which port it has to forward the message. In order to choose the correct outbound port, the router looks up the destination address of the packet to be routed in its routing table. For the TCP/IP protocol, a routing table consists of a table with IP addresses or grouped IP addresses (subnets) and the corresponding next node (next hop). In case the destination address can be routed and is therefore present in the routing table, the router will use the corresponding next node to determine the outbound port. The next node is usually another router that is linked via one of the router ports. The inbound IP packet is sent to the outbound port. The router will encapsulate the IP packet again with a header specific to the physical network to which both routers are linked. A router is considered as an output device. A data packet can normally go through a certain number of routers before reaching the final destination, determined by the TTL value (Time to Live) of the packet.

The router builds a routing table by exchanging route information with neighbour routers. There are different routing protocols for this. This creates a complete picture of all routes in the IP network. The router will build a routing table based on the shortest path algorithm (Edsger Dijkstra), whereby the shortest path to the final destination is chosen. In other words: the node that is selected is part of the shortest path. It is clear that a router has an IP address for every port that belongs to the range of the Net ID to which the router is linked. But every port also has a physical hardware address corresponding to the subnet protocol to which this router port is linked.
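The forwarding decision described above (routing table lookup, next hop, outbound port and TTL), as an added example that is not part of the original text: a longest-prefix lookup over a constructed routing table. The LAN address scheme 172.23.0.0/16 is the one the chapter uses; the next-hop addresses and the 10.1.0.0/16 corporate subnet are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    prefix: str               # destination network, e.g. "172.23.0.0/16"
    port: str                 # outbound router port
    next_hop: Optional[str]   # None when the network is directly connected

    @property
    def network(self) -> ipaddress.IPv4Network:
        return ipaddress.ip_network(self.prefix)


class Router:
    """Forwarding as described in the text: look the destination up in the
    routing table, pick next hop and outbound port, decrement the TTL."""

    def __init__(self, routes: List[Route]):
        # most specific prefix first, so the first hit is the longest match
        self.routes = sorted(routes, key=lambda r: r.network.prefixlen, reverse=True)

    def lookup(self, dst: str) -> Optional[Route]:
        addr = ipaddress.ip_address(dst)
        for route in self.routes:
            if addr in route.network:
                return route
        return None

    def forward(self, packet: dict) -> tuple:
        """Return ("forward", port, next_hop, new_packet) or ("drop", reason)."""
        if packet["ttl"] <= 1:
            return ("drop", "TTL expired")  # crossed too many routers
        route = self.lookup(packet["dst"])
        if route is None:
            return ("drop", "no route to " + packet["dst"])
        # directly connected: the next node is the final destination itself
        next_hop = route.next_hop if route.next_hop is not None else packet["dst"]
        forwarded = dict(packet, ttl=packet["ttl"] - 1)
        return ("forward", route.port, next_hop, forwarded)


def example_router() -> Router:
    """Constructed table for an industrial router: the LAN 172.23.0.0/16 is
    directly connected, a corporate subnet sits behind a neighbour router and a
    default route leads to the Internet (next hops are assumed values)."""
    return Router([
        Route("172.23.0.0/16", "LAN", None),
        Route("10.1.0.0/16", "WAN", "10.1.0.254"),
        Route("0.0.0.0/0", "WAN", "203.0.113.1"),
    ])
```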

6.3 Types of routers
There are many different types of routers. They can be distinguished by their shape, the router connections and all sorts of extra functions that are built into the router, such as a modem, a firewall or a switch. In its most simple form, one can distinguish between software routers and hardware routers. By means of software, a simple PC, equipped with two network interfaces, can function as a router. A hardware router is a separate device. The device is actually a small, simple computer that has been developed especially for routing. Commercial routers for home use are often combined with a switch, equipped with a modem and wireless AP, so that only one device is required to link a private network to the Internet. Such a router is equipped with a LAN and a WAN interface. Industrial routers also have all sorts of extra functionalities so that they can be deployed as a complete security module for a safe linking of industrial networks to corporate networks. An industrial network can be linked with this to a corporate network or the Internet. Industrial routers are discussed elsewhere in this chapter.

6.4 Layer 3 switch
As described, network switches operate at Layer 2 of the OSI model and network routers operate at Layer 3 of the OSI model. Switches with router functionalities are available in the market. These devices are often called layer-3 switches. A Layer 3 switch is a high-performance device for network routing. Layer 3 switches differ slightly from standard network routers. They were created in response to the need for routers that can easily be used in extended LAN networks such as company intranets. The major difference between Layer 3 switches and standard routers is the hardware structure. In a Layer 3 switch, the hardware of a switch is combined with that of a router so as to be able to guarantee better performance in routing in larger LAN infrastructures. Both process incoming messages and, based on the addresses given in the messages, dynamic decisions are taken on how to forward (route) these messages. In its typical use for intranets, a Layer 3 switch has no WAN port and normally does not support typical WAN applications either.

6.5 Linking of a private network to the Internet
An industrial router will be used to link an automation network to a corporate network or to the Internet. Figure 6.3 shows an example. For the automation network based on Ethernet, a Net ID will have to be selected. A Net ID preferably has to comply with RFC 1597. The router will obtain an IP address on the LAN side that belongs to the range of the chosen Net ID. This is usually the first or the last free IP address of the network. For this purpose, the network interface also has a MAC address on the LAN side. The router will function as default gateway on the network. Every device on the network can now be configured as follows.

IP address 172.23.22.14, subnet mask 255.255.0.0, default gateway 172.23.0.1

Thus every participant gets an IP address where the Net ID for every participant is the same but the Host ID for every participant is unique.

Figure 6.3: Linking of a private network to the Internet via a router

A network can be linked to the Internet via the WAN interface of the router. The router, via the Internet, gets a unique IP address on the Internet from the ISP (Internet Service Provider), usually via DHCP. As the private network is separated from the Internet, the private network can only be reached via this external router IP address.

If an application on a PC on the network wants to start a communication with a Server on the Internet, then the PC first has to build an IP packet to request the connection. This IP packet is sent to the Internet via the default gateway. The PC encapsulates the IP packet in an Ethernet frame for this purpose. The MAC address of the router is obtained via the ARP protocol. Figure 6.4 shows the data that are required to make the Ethernet frame. Once the message has arrived at the router, it will forward the IP packet via the WAN interface to another router on the Internet. On the other hand, the router will replace the source IP address of the PC with its IP address on the WAN side. The server can now send a reply and will address this reply to the external IP address of the router. A problem occurs now as the router will have to decide to which PC this message has to be sent. The Server's response does not contain any data anymore with regard to the original sender. IP NAT was developed to solve this problem.

Figure 6.4: Adaptation of a data frame by a router

6.6 IP NAT

6.6.1 NAT: IP masquerading
Network Address Translation (NAT) is a protocol that allows a network with unregistered IP addresses (a private network that complies with RFC 1597) to be linked to the Internet. NAT is a protocol that translates an IP address on one network into an IP address known on another network. One network is called the inside, the other network the outside. Typically, a company will translate its local inside IP addresses into one or more global outside IP addresses and will translate the global IP addresses of inbound messages back into inside IP addresses. NAT allows a company to use only one global IP address for its communication with the outside world via the Internet. This contributes to the security concept as all outbound and inbound messages are subject to a translation of addresses.

As described in the previous paragraph, the router places its external IP address as source IP address in every message that is sent from the private network to the Internet. All replies will now be addressed to the external IP address of the router. The NAT protocol permits the router to change the TCP source port field. In a NAT table, all new port numbers are linked to an internal endpoint. Every reply from the Internet to a PC on the private network will be addressed to the external IP address of the router but will contain a port number from the NAT table of the router as TCP destination port. This way, the router knows for which endpoint this message is intended. This is the dynamic use of the NAT protocol and is therefore sometimes called dynamic NAT. Figure 6.5 shows the functioning of the NAT protocol.

Figure 6.5: Functioning of the NAT protocol: on a PC with IP address 172.23.22.14, the command http://166.45.68.159:80 is given

6.6.2 Port Forwarding
Port forwarding is the static use of the NAT protocol. If Servers are present on the private network that have to be reached directly via the Internet, then the endpoints of these Servers can be linked in a static way to port numbers in the NAT table of the router. In order to reach such a server on the Internet, the external IP address of the router has to be linked as endpoint to the port number from the NAT table intended for that specific Server. The router will translate the endpoint in the inbound message to the correct endpoint of the Server. From a practical point of view, this is already an additional form of security. The exact IP data of the Server should not be made available so that hackers do not have any idea of the architecture of the network on which the Servers are located. Figure 6.6 shows which configuration has to take place for port forwarding or static NAT.

Figure 6.6: Port forwarding

6.7 1:1 NAT
1:1 NAT is a protocol whereby an IP address is translated into another IP address without changing the used TCP/UDP ports. If a router is connected on the LAN side to the network 192.168.1.0/24 and via the WAN port to the network 10.1.0.0/16 and has 10.1.0.0/16 as external IP address, then the LAN participant with IP address 192.168.1.100 can be reached by means of 1:1 NAT, via the WAN side, via the IP address 10.1.1.100. The HOST ID is retained for this mapping and only the NET ID is adapted. Figure 6.7 shows the mapping.

Figure 6.7: Mapping of the IP address with 1:1 NAT

1:1 NAT offers interesting options for the automation world:
• Different subnets can be linked to each other whereby the same IP addressing is used on all subnets.
• No additional routes have to be defined on the corporate network.
• The IP mapping can immediately consult systems on subnets from the corporate network.
• An ARP demon on the mGuard processes the ARP requests from the external network.

Figure 6.8 shows the functioning of 1:1 NAT.

Figure 6.8: Principle of 1:1 NAT
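The three NAT forms of sections 6.6 and 6.7 (dynamic NAT with a port-based NAT table, static port forwarding, and 1:1 NAT that keeps the host ID) in one added example that is not part of the original text or of any router firmware. The PC 172.23.22.14 and server 166.45.68.159:80 come from figure 6.5; the router's external address 198.51.100.7, the inside web server 172.23.22.50, the NAT port range starting at 40000 and the 10.1.1.0/24 block used for the 1:1 mapping are assumptions.

```python
import ipaddress
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, TCP/UDP port)


class NatRouter:
    """Dynamic NAT (IP masquerading) plus static port forwarding, modelled on
    the NAT table described in the text."""

    def __init__(self, external_ip: str, first_port: int = 40000):
        self.external_ip = external_ip
        self.next_port = first_port
        # NAT table: external port -> (inside endpoint, remote endpoint)
        self.table: Dict[int, Tuple[Endpoint, Endpoint]] = {}
        self.index: Dict[Tuple[Endpoint, Endpoint], int] = {}
        # static entries (port forwarding): external port -> inside server endpoint
        self.static: Dict[int, Endpoint] = {}

    def add_port_forward(self, external_port: int, server: Endpoint) -> None:
        self.static[external_port] = server

    def outbound(self, pkt: dict) -> dict:
        """Replace the PC's source IP and port by the external IP and a port
        from the NAT table, creating the table entry if needed."""
        inside = (pkt["src"], pkt["sport"])
        remote = (pkt["dst"], pkt["dport"])
        port = self.index.get((inside, remote))
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.table[port] = (inside, remote)
            self.index[(inside, remote)] = port
        return dict(pkt, src=self.external_ip, sport=port)

    def inbound(self, pkt: dict) -> Optional[dict]:
        """Translate a message addressed to the external IP back to the inside
        endpoint; None means the router cannot decide which PC it is for."""
        if pkt["dst"] != self.external_ip:
            return None
        entry = self.table.get(pkt["dport"])
        if entry is not None:
            inside, remote = entry
            # only the server that was contacted may answer on this table port
            if (pkt["src"], pkt["sport"]) != remote:
                return None
            return dict(pkt, dst=inside[0], dport=inside[1])
        server = self.static.get(pkt["dport"])
        if server is not None:  # port forwarding: any source may reach the server
            return dict(pkt, dst=server[0], dport=server[1])
        return None


def one_to_one_nat(addr: str, inside_net: str, outside_net: str) -> str:
    """1:1 NAT: keep the host ID, replace the net ID. Both networks must have
    the same prefix length so that every host ID exists on both sides."""
    inside = ipaddress.ip_network(inside_net)
    outside = ipaddress.ip_network(outside_net)
    if inside.prefixlen != outside.prefixlen:
        raise ValueError("1:1 NAT needs networks of equal size")
    ip = ipaddress.ip_address(addr)
    if ip not in inside:
        raise ValueError(f"{ip} is not in {inside}")
    host_id = int(ip) - int(inside.network_address)
    return str(outside.network_address + host_id)


def nat_scenario():
    """Constructed run-through of figure 6.5: the PC opens http://166.45.68.159:80,
    the server replies, a third host tries the same table port, and a request
    for the forwarded port 8080 arrives from the Internet."""
    router = NatRouter("198.51.100.7")
    router.add_port_forward(8080, ("172.23.22.50", 80))  # assumed inside web server
    request = {"src": "172.23.22.14", "sport": 51000,
               "dst": "166.45.68.159", "dport": 80}
    on_internet = router.outbound(request)
    reply = {"src": "166.45.68.159", "sport": 80,
             "dst": "198.51.100.7", "dport": on_internet["sport"]}
    stranger = dict(reply, src="192.0.2.9")  # not the server that was contacted
    to_server = {"src": "192.0.2.9", "sport": 5555,
                 "dst": "198.51.100.7", "dport": 8080}
    return (on_internet, router.inbound(reply),
            router.inbound(stranger), router.inbound(to_server))
```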

Chapter 7
The firewall

7.1 Introduction
A firewall is an application that controls the access to the data on the network. A firewall is designed to refuse all traffic, except the traffic that is explicitly allowed to pass. Sometimes, a router and a firewall are mistakenly confused even though there is a fundamental difference. A router is a network structure element meant for forwarding data traffic as fast and efficiently as possible; a firewall is meant for blocking traffic. The use of firewalls certainly does not have to be limited to Internet connections. It may also be interesting to deploy firewalls within internal networks to protect certain parts separately. Firewalls can usually be configured to also register all traffic in a log book and can carry out centralised management functions.

7.2 Types of firewalls
There are two types of firewalls. These are software firewalls and hardware firewalls. A software firewall is a firewall that is installed as a programme on a computer. A hardware firewall is a separate device such as a router with an integrated firewall. Both types of firewalls (software and hardware firewalls) function in a similar way. The used terminology is applicable to both. Firewalls can also be differentiated based on their method of functioning. The distinction is made based on the way in which a decision is made to let data pass or not.

• Packet filter: based on a number of rules, the firewall decides whether an IP packet can pass or is to be refused. Such rules are built by means of IP addresses, domain names, protocols (http, telnet, ftp, ...) and port numbers. The packet filter actually functions as a gatekeeper. It roughly screens the passing messages. This way it is checked whether the messages are incoming (inbound), outgoing (outbound) or just passing through (route). The specified, but easily falsified (spoofed), origin and the final destination (IP address and port number) are checked. The specified type and character of the message is checked in the transport layer. But what is actually in the message is not checked. Such firewalls function in a simple and fast way.

Packet filters are stateless. They check the origin and the destination but cannot evaluate suspicious patterns in a certain session. For example, it is not possible to detect when several data packets are suddenly exchanged between certain applications.

• Stateful inspection: beside the different rules in accordance with a packet filter, a firewall can retain intermediate information with regard to all connections that run over the firewall. The latest firewalls are stateful inspection firewalls. Stateful Packet Inspection (SPI) means that each packet is checked against the context after the signing-on and the following handshaking between the communicating hosts. First it is checked, like with a stateless packet filter, whether the connection between the source and the target by itself is allowed. If not, then the synchronisation request is rejected. If the connection is allowed, then the information from the first datagram (the SYN that builds the session) is stored in a state-table database in the memory. Stateful inspection will check during the complete session what is allowed in accordance with the connection request. If something strange occurs within the context of that connection (a host suddenly changes its IP address or its target port), then the session is aborted.
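The difference between a stateless packet filter and stateful inspection, as an added example that is not part of the original text or of any firewall product: the same rule list is evaluated once per packet by the stateless filter, while the stateful variant records the SYN in a state table and afterwards only passes packets that belong to a recorded session. The traffic is constructed; the PC and server addresses are those used in the router chapter, the rule and the 10.9.9.9 host are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Rule:
    """One packet-filter rule; a None field matches anything."""
    action: str                  # "allow" or "deny"
    src: Optional[str] = None    # source network in CIDR notation
    dst: Optional[str] = None    # destination network in CIDR notation
    proto: Optional[str] = None  # "tcp", "udp", ...
    dport: Optional[int] = None  # destination port

    def matches(self, pkt: dict) -> bool:
        if self.src and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto and pkt["proto"] != self.proto:
            return False
        if self.dport is not None and pkt["dport"] != self.dport:
            return False
        return True


class PacketFilter:
    """Stateless packet filter: every packet is judged on its own against the
    rule list; everything not explicitly allowed is refused."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules

    def decide(self, pkt: dict) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return "deny"


Session = Tuple[str, int, str, int]  # (src, sport, dst, dport)


class StatefulFirewall(PacketFilter):
    """Stateful inspection: the connection request (SYN) is checked against the
    rules and recorded in a state table; later packets are only allowed when
    they belong to a recorded session, in either direction."""

    def __init__(self, rules: List[Rule]):
        super().__init__(rules)
        self.state: Dict[Session, str] = {}
        self.log: List[str] = []

    def decide(self, pkt: dict) -> str:
        key: Session = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        reverse: Session = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if pkt["flags"] == "SYN":
            if super().decide(pkt) != "allow":
                self.log.append(f"SYN {key} rejected by rules")
                return "deny"
            self.state[key] = "SYN_SENT"
            return "allow"
        if key in self.state or reverse in self.state:
            return "allow"
        # no session: a host that changes its port or address mid-session ends here
        self.log.append(f"packet {key} outside any session dropped")
        return "deny"


def run_scenario() -> Tuple[List[str], List[str]]:
    """Constructed traffic: the PC 172.23.22.14 opens a web session to
    166.45.68.159, then a packet without handshake and a foreign SYN arrive."""
    rules = [Rule("allow", src="172.23.0.0/16", proto="tcp", dport=80)]
    stateless, stateful = PacketFilter(rules), StatefulFirewall(rules)
    pc, srv = "172.23.22.14", "166.45.68.159"
    packets = [
        dict(src=pc, sport=51000, dst=srv, dport=80, proto="tcp", flags="SYN"),
        dict(src=srv, sport=80, dst=pc, dport=51000, proto="tcp", flags="SYN-ACK"),
        dict(src=pc, sport=51000, dst=srv, dport=80, proto="tcp", flags="ACK"),
        dict(src=pc, sport=51001, dst=srv, dport=80, proto="tcp", flags="ACK"),  # no SYN before
        dict(src="10.9.9.9", sport=4444, dst=srv, dport=80, proto="tcp", flags="SYN"),
    ]
    return ([stateless.decide(p) for p in packets],
            [stateful.decide(p) for p in packets])
```

The stateless filter blocks the server's SYN-ACK (a second rule for return traffic would be needed, which would then also admit unsolicited packets) yet passes the handshake-less fourth packet; the stateful firewall passes the reply because the session is in its table and drops the fourth packet.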

Chapter 8
VPN

8.1 Introduction
Data packets are completely unprotected when sent over the Internet. This means that there is no:
• data secrecy (encryption)
• identity guarantee of the sender (authentication)
• check whether data are corrupt or not (integrity)

A Virtual Private Network (VPN) is a private communication channel that functions as an umbrella above a public infrastructure, most of the time the Internet. The data to be sent via this service are secured in such a way that the integrity, authorisation and authentication of the data remain guaranteed. There are different protocols that provide this service. The final users will in principle not notice that a VPN is used.

8.2 Internet Protocol Security, IPsec
IPsec (Internet Protocol Security) is the most widely used VPN protocol. IPsec is a suite of protocols that together ensure that IP packets can be sent securely over an IP network. IP security offers internet users the option to send data in a secure way. IPsec can be implemented transparently in a network infrastructure. IPsec makes encryption of the data between two communication partners possible. So, the suite of protocols ensures that the following services are active during the sending of an IP data packet:
• Integrity: the protocol offers the guarantee that the sent packet is not modified by a third party during the transport.
• Authentication: the protocol records the identity of the communication parties. During a secured data transport it must be guaranteed that the party intended to receive the packet is the actual receiving party.
• Acknowledgement: the protocol shows that when a data transport takes place, the receiving party cannot deny this.
• Confidentiality: the protocol ensures the actual security of the data and guarantees the sender that only the receiving party can read the message. For this purpose, the data will be transformed into an illegible form, the so-called cyphertext. By means of a key, the receiver can carry out the reverse transformation (decryption) which makes the text legible again. Encryption is used for many protocols in order to realise data secrecy. The most used encryption techniques today are 3DES and AES. AES is always preferred for its stronger crypto properties compared to 3DES. 3DES is obsolete and is used only if it is not possible to use AES.

IPsec supports security as of the third layer of the OSI model (called the network layer). This means that TCP as well as UDP can use it, but it also results in overhead with regard to e.g. SSL, which functions on higher OSI levels (and cannot secure UDP). IETF established the standard in RFCs 2401-2412, optional for IPv4 and mandatory for IPv6. The protocol is mostly deployed for the sending of information via public connections and prevents so-called 'Man in the middle attacks' and 'Spoofing'. It uses the IKE protocol (Internet Key Exchange) for this, with which the parties that want to set up a connection are identified. Next, a connection is set up and the data to be sent are secured by means of encryption. The protocol is built as follows:
• Authentication Header (AH): checksum check for the complete IP packet.
• Encapsulating Security Payload (ESP): safeguards against Man-in-the-middle attacks.
• Internet Key Exchange (IKE): assists in the setting up of the connection by safely transmitting keys/certificates.
• IP payload compression (IPcomp): compression of the IP packet payload before the encryption takes place.

Figure 8.1: Internetworks

IPsec exists in two variants:
• Transport: encrypts the content (payload) of the IP packet but not the header. No new IP packet is created in this mode but the headers (AH or ESP or both) are inserted into the IP packet. The source and target addresses remain unchanged.
• Tunnel: encrypts the content as well as the header of the IP packet. In this mode, the complete IP packet is inserted into a completely new IP packet. The IP packet has the start and end point of the tunnel as source and target address.

8.3 VPN implementations
VPN can be implemented in three different ways.

1. Security gateway to security gateway

Figure 8.2: Security gateway to security gateway

2. Host to security gateway

Figure 8.3: Host to security gateway

3. Host to host gateway

Figure 8.4: Host to host gateway

Chapter 9
Automation networks & Security

9.1 Corporate network
A corporate network is the set of servers, computers and systems that enable the general functioning of the company on IT level. Ethernet TCP/IP has already been the standard for years when it comes to setting up IT networks in offices and companies. A corporate network is, in its simplest form, linked to the Internet via a router and a firewall. Larger corporate networks also provide a DMZ; this is a part of the network containing public servers (mail server, web server, DNS server, ...).

Figure 9.1: A corporate network

A router, in its simplest form, is a device that enables communication between two networks. Specifically, this is the corporate network (LAN) on one side and the Internet (WAN) on the other side. Firewalls are used to block unwanted communication whereby IP packets are filtered in accordance with rules that the user has established. Incoming as well as outgoing communication can be blocked. The filter criteria can be IP addresses, port numbers or certain protocols that can be blocked or released by choice.

9.2 Automation network
An automation network consists of one or more automation cells. Every cell is separated here by a router. An automation project is the set of
• Production lines and process installations
• PLC systems (Programmable Logic Controllers)
• ESD systems (Emergency Shut Down and Safety Controllers)
• DCS systems (Process and Distributed Control Systems)
• SCADA systems (Supervisory Control and Data Acquisition)

9.2.1 Automation cell
An automation cell is the set of PCs, data servers, controllers, IO devices, sensors and actors that are required to execute the different functionalities of the automation concept. Switches are the structure elements with which a complete automation cell is built further. Where possible, network participants are connected in a star via switches (such as in normal IT networks). In certain subsegments, a line structure is applied to connect participants with each other. In order to make a line structure possible, it is necessary that all IO devices are by default equipped with an integrated switch. Important segments are connected to each other via switches in a redundant ring. The combination of different topologies and media makes a flexible, safe and controllable network (based on Ethernet TCP/IP) laid out on the industrial shop floor.

Figure 9.2: Different topologies in an automation cell

Figure 9.3: Automation network

9.2.2
Cabling and connectors in an automation network. The extension and the cabling as used in the office environment cannot be applied in the same manner to raw industrial environments. Cables, connectors and infrastructure elements have to be aligned with the production environment where impacts like humidity, temperature variations, shocks or vibrations can occur. These elements, connectors and cables, have to comply with the quality requirements of the industry. It is important that all Ethernet cables can be configured in a simple way on the work floor. It is recommended to carry out the cabling first and then to implement the Ethernet connectors. This is the first step towards a reliable automation network.

Use of switches. Only switches are used as structure elements. The building of the network is important in order to optimise the network load. This can never be higher than 60%. For the building of a redundant ring structure, the switches have to support RSTP. A smart memory plug is used for the simple configuration of new devices. Another important step in a secure network is the use of VLAN. For the management and diagnosis of the network, the switches within the different automation cells have to support the following protocols:
• Web-based management - for a fast and clear configuration
• SNMP - for device diagnosis
•LLDP - for control and diagnosis of the network topology
• VLAN - for the structured division of the network
Switches should have the option to send SNMP trap messages for different events or to activate an alarm contact.

9.3 Linking of an automation network to a corporate network
The linking of an automation network with the corporate network takes place by means of a router. This router ensures an ideal separation between the two networks, which have completely different requirements. This router has to establish an open but highly secure communication structure between the corporate network and the automation network, supplemented with a number of additional security measures.

9.3.1 Necessity of security
Introduction
Automation networks are up to now mostly isolated networks with controllers and network protocols that are based on proprietary protocols. Modern automation projects are characterised by open systems and communication networks based on Ethernet TCP/IP. Windows and Ethernet are sweeping through the production halls and that is an interesting development. The realisation and this knowledge is well-established on production level. The production department itself is usually responsible for the industrial communication. Security is rarely a point of attention.

9.3.2 Awareness
The realisation and the knowledge to secure the office network is well-established these days. It has become a standard practice to place a firewall between the office network and the Internet. This properly secures the office network. Security is an important point of attention. The IT department is therefore jointly responsible for the industrial communication. The following questions on the work floor are therefore very obvious:
• Is the production IT so vulnerable that security is vital?
• Nothing can happen when the corporate network is properly secured, isn't it?
• Would any unauthorised person really hack the production equipment and bring the factory to a standstill?
• Moreover, certain other protocols, other than the known Microsoft protocols, run on the systems within the industrial IT. Doesn't this make the production networks less prone to attacks from the outside world?
This last statement was correct in earlier days but now the trend is to use open systems such as Windows-based software applications and protocols like HTTP, FTP or DCOM (used in OPC) down to the PLC level. These open systems are virus-prone and can cause the blocking of the PLC. It is becoming increasingly clear that viruses and hackers also have a hold over machine parks and installations.

On the one hand, the problems on the industrial work floor are not concentrated around intentional hacking but more around accidental errors within the production. For example, data traffic from the office network can cause delays on the production network. Production standstill or something even worse can result from the use of a USB stick that is infected with a virus and is plugged into a PC that is connected to a machine. The more accidental events are more and more supplemented with external incidents such as viruses, Trojan horses, sabotage, cables that are pulled out or wrongly plugged in, ... Recent studies show an increasing trend in the area of industrial security incidents. On the other hand, there is a distinct possibility that the data that is hacked will be misused. Hackers carry out their activity less and less for the fun of it and more and more with the intention to blackmail a certain company. Hackers have acquired more and more knowledge of control systems and SCADA applications. The company can be blackmailed in such a case. This has become organised crime. Security is a must. There is a standard under development (ANSI/ISA99) to completely describe the what, how and why of security in the automation world. It is therefore important to protect the automation world against the dangers that have been faced for years by the IT world.

9.3.3 Objective of security
The office IT is not the same as production IT; there are important differences between both domains. It has to be checked what elements from the office IT are used and not used in the production IT. In the office world, the main aim for security is always the confidential handling of data. In the automation world, there is an important difference in the main objective of security. Security will therefore prevent an unauthorised person from entering the system, will make sure that the system functions normally at all times and that all data in the system can be handled in a confidential manner.

The main objectives of security are threefold:
• confidentiality: security that data do not end up with a third party.
• availability: resources are available and function correctly at the time that they have to do so.
• data integrity: protection of the data against unwanted adaptations or against their
destruction. Main objective of security First of all. system hacking. However. the main aim for security will always be the availability of the production system..4
Security in the ofﬁce world versus security in the automation world
Introduction
The integration of open systems can give the impression that the security problems within the production world can be solved by copying the approach of the office world. There are, however, important differences between the two domains.

Network performances
Both domains have totally different performance requirements. An overview:

Automation network                         Office network
Real-time                                  Not real-time
Response is time critical                  Response has to be reliable
Medium throughput acceptable               High throughput required
Significant delays are a problem           Significant delay and jitter are acceptable

It is therefore important to be able to estimate correctly the impact of security technologies on the performance of the system before they are implemented. For instance, there are critical response times for human interventions in automation networks: operating an emergency stop, for example, cannot be obstructed by password protection.

Reliability of a network
The requirements for reliability are also different in the two domains. An overview:

Automation network                                   Office network
Continuous operations                                Planned operations
Power cuts are not acceptable                        Power cuts are acceptable
Expected to be tested before implementation          Beta testing on location allowed
Formal certification is mandatory for applications   Little paperwork for applications

The installation of a new service pack is a good example of this. In the office world this is a normal thing, whereas in the industrial world the installation of a service pack is certainly not self-evident, and in some industrial sectors it is not permitted.

Different risk outlook

Automation network                           Office network
Human safety                                 Data integrity
Risk impact is loss of product or device     Risk impact is loss of data
Error tolerance is essential                 Restart via reboot

Different security architecture
In the office IT, the central servers are the most critical devices to protect. For the production IT, the end device, such as the PLC, is the most critical device, and not the central data server that contains the historical process data. In the office world a lot of encryption is applied. Encryption, however, does not help real-time functioning. In order to ensure real-time functioning, techniques have to be used that guarantee in the first place that there are no delays, while still guaranteeing security and reliability. One can, for example, use secure communication channels between the PLC and the master computer or data servers.
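The secure channel between PLC and master computer mentioned above, worked out as an added example (this is not code from the chapter or from any PLC vendor). It assumes a pre-shared 256-bit key installed on both ends (the constant KEY is a constructed value) and deliberately does not encrypt: it authenticates each telegram with a truncated HMAC-SHA256 and a sequence number, so that a tampered, replayed or reflected frame is rejected while the telegram stays readable and the added latency stays small. The function overhead_microseconds() gives the per-telegram cost, which is the kind of figure the text asks for before a security technology is installed.

```python
"""Authenticated (not encrypted) channel between a PLC and a master computer.

Added example with a constructed pre-shared key; the frame layout is an
assumption made for the demonstration and not any standard's format.
"""
import hashlib
import hmac
import struct
import time

KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)  # constructed 256-bit pre-shared key
TAG_LEN = 16                                                   # HMAC-SHA256 tag truncated to 128 bits
HEADER = struct.Struct("!IB")                                  # sequence number (uint32), direction byte


class AuthChannel:
    """One end of the channel. direction 0 = master -> PLC, 1 = PLC -> master."""

    def __init__(self, key, direction):
        self._key = key
        self._direction = direction
        self._send_seq = 0
        self._recv_seq = -1            # highest sequence number accepted so far

    def _tag(self, header, payload):
        return hmac.new(self._key, header + payload, hashlib.sha256).digest()[:TAG_LEN]

    def protect(self, payload):
        """Wrap a telegram: header | payload | tag. The payload stays in clear."""
        header = HEADER.pack(self._send_seq, self._direction)
        self._send_seq += 1
        return header + payload + self._tag(header, payload)

    def verify(self, frame):
        """Return the payload, or None if the frame is tampered, replayed or reflected."""
        if len(frame) < HEADER.size + TAG_LEN:
            return None
        header, body, tag = frame[:HEADER.size], frame[HEADER.size:-TAG_LEN], frame[-TAG_LEN:]
        seq, direction = HEADER.unpack(header)
        if direction == self._direction:          # our own frame bounced back to us
            return None
        if not hmac.compare_digest(tag, self._tag(header, body)):
            return None                           # integrity failure: any changed byte
        if seq <= self._recv_seq:                 # replay or out-of-order delivery
            return None
        self._recv_seq = seq
        return body


def run_scenarios():
    """Send a constructed write-register telegram and try the attacks the text names."""
    master = AuthChannel(KEY, 0)
    plc = AuthChannel(KEY, 1)
    cmd = bytes.fromhex("06001000ff")             # constructed PDU: write register 0x0010 := 0x00FF
    frame = master.protect(cmd)
    tampered = bytearray(frame)
    tampered[HEADER.size + 3] ^= 0x01            # flip one payload byte, tag no longer matches
    return {
        "genuine": plc.verify(frame),             # accepted, returns the PDU
        "tampered": plc.verify(bytes(tampered)),  # rejected
        "replayed": plc.verify(frame),            # same sequence number again: rejected
        "reflected": master.verify(frame),        # master's own frame sent back: rejected
        "next": plc.verify(master.protect(cmd)),  # fresh sequence number: accepted
    }


def overhead_microseconds(rounds=2000):
    """Average added latency of protect() + verify() per 12-byte telegram, in microseconds."""
    master = AuthChannel(KEY, 0)
    plc = AuthChannel(KEY, 1)
    payload = bytes(12)
    start = time.perf_counter()
    for _ in range(rounds):
        plc.verify(master.protect(payload))
    return (time.perf_counter() - start) / rounds * 1e6


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:10s} -> {'accepted ' + result.hex() if result else 'rejected'}")
    print(f"added latency: {overhead_microseconds():.1f} us per telegram")
```

The sequence number, not the MAC alone, is what stops a captured "start motor" telegram from being played back later; the direction byte stops the same key being abused to reflect a PLC reply as a command. Measure the overhead on the real target CPU, not on a desktop, before deciding that it fits inside the cycle time.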

Furthermore, the office IT has programmes such as anti-virus, anti-spyware and anti-adware software that block every inbound file. They also screen all opened files for the presence of the viruses, spyware and adware that are included in their signature database. These programmes protect the network or the specific computer against the outside world and allow only trusted messages to pass. One of their objectives is to block all suspect programmes that try to set up a connection to the Internet from the local machine.

Decision
The classic firewall protects against hackers, worms and spyware. The principle of this IT protection is that the firewall views and analyses all inbound and outbound data traffic, checks it against the threats in its database and then declares a file clean or places it in quarantine. Such firewalls slow down the system and can even prevent a programme from functioning. In order to realise a more industry-compatible firewall, no delay may occur when checking the data that pass through it. Other technologies will have to be applied: an option is to check the applied protocols instead of the actual data.
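Checking the applied protocol instead of the data, as an added example that is not part of the chapter: a minimal Modbus/TCP filter that decides on source zone, destination port and function code only, and never looks at the register values. The zones, addresses, rule table and sample packets are constructed assumptions for the demonstration; the MBAP header layout is the real Modbus/TCP one (transaction id, protocol id 0, length, unit id, then the PDU whose first byte is the function code).

```python
"""Protocol-checking industrial firewall (added example, constructed network plan).

Decisions depend on the zone pair, the protocol (TCP port) and the Modbus
function code. Cost per packet is constant: no payload scanning.
"""
import ipaddress
import struct

MBAP = struct.Struct("!HHHB")       # transaction id, protocol id, length, unit id
READ_FC = {1, 2, 3, 4}              # read coils / discrete inputs / holding / input registers
WRITE_FC = {5, 6, 15, 16}           # write single/multiple coils and registers
MODBUS_PORT = 502

ZONES = {                           # constructed addressing plan
    "office": ipaddress.ip_network("10.1.0.0/16"),
    "scada": ipaddress.ip_network("192.168.10.0/24"),    # master computer, historian
    "cell": ipaddress.ip_network("192.168.20.0/24"),     # PLCs
}
POLICY = {                          # (source zone, destination zone) -> allowed function codes
    ("scada", "cell"): READ_FC | WRITE_FC,
    ("office", "cell"): READ_FC,    # the office may look at the process, never write to it
}


def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None                     # unknown address, e.g. from the Internet


def parse_modbus(payload):
    """Return (unit id, function code), or None if the MBAP header is malformed."""
    if len(payload) < MBAP.size + 1:
        return None
    _tid, proto, length, unit = MBAP.unpack_from(payload)
    if proto != 0 or length != len(payload) - 6:   # length counts unit id + PDU
        return None
    return unit, payload[MBAP.size]


def decide(src_ip, dst_ip, dst_port, payload):
    """Return 'ALLOW' or 'DROP:<reason>'; only headers are inspected."""
    rule = POLICY.get((zone_of(src_ip), zone_of(dst_ip)))
    if rule is None:
        return "DROP:zone"
    if dst_port != MODBUS_PORT:
        return "DROP:protocol"      # HTTP, FTP, DCOM ... have no business reaching the PLC
    parsed = parse_modbus(payload)
    if parsed is None:
        return "DROP:malformed"
    _unit, fc = parsed
    if fc not in rule:
        return "DROP:function%d" % fc
    return "ALLOW"


def modbus(tid, unit, fc, data):
    """Build a Modbus/TCP request (used only to construct the sample traffic)."""
    pdu = bytes([fc]) + data
    return MBAP.pack(tid, 0, len(pdu) + 1, unit) + pdu


SAMPLE_TRAFFIC = [  # constructed packets: (src ip, dst ip, dst port, payload)
    ("192.168.10.5", "192.168.20.11", 502, modbus(1, 1, 6, bytes.fromhex("001000ff"))),  # master writes
    ("10.1.4.20", "192.168.20.11", 502, modbus(2, 1, 3, bytes.fromhex("00000002"))),     # office reads
    ("10.1.4.20", "192.168.20.11", 502, modbus(3, 1, 6, bytes.fromhex("001000ff"))),     # office writes
    ("10.1.4.20", "192.168.20.11", 80, b"GET / HTTP/1.0\r\n\r\n"),                       # HTTP to PLC
    ("203.0.113.9", "192.168.20.11", 502, modbus(4, 1, 3, bytes.fromhex("00000002"))),    # outside source
    ("192.168.10.5", "192.168.20.11", 502, b"\x00\x05\x00\x01\x00\x01"),                  # truncated header
]


def audit(traffic=SAMPLE_TRAFFIC):
    """Run the policy over a list of packets and return one verdict per packet."""
    return [decide(*pkt) for pkt in traffic]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_TRAFFIC, audit()):
        print(f"{pkt[0]:>14} -> {pkt[1]}:{pkt[2]:<4} {verdict}")
```

The important property is what the filter does not do: it never parses register data, so a 250-byte write takes the same time as a 1-byte read, and an attacker cannot slow the firewall down with content. The price is that a write from an authorised master is trusted as such; that is why the write-capable zone has to be small.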

9.3.5
Standardisation with regard to security in automation networks
Introduction
The ANSI/ISA 99 standard is currently under development. It is set up in collaboration with end users, system integrators and suppliers. ANSI/ISA 99 gives directives for carrying out a risk assessment, for setting up a so-called cyber security management and for carrying out that management. Currently only part 1 and part 2.00.01 are available. Figure 9.4 shows an overview of the ISA 99 standard. Part 1 is meant to be a framework around all the other parts.

Figure 9.4: The ANSI/ISA 99 standard

Part 1 (ANSI/ISA report TR99.00.01-2007)
The title of the first part is 'Security for Industrial Automation and Control Systems'. It describes the security technologies that are currently available for industrial production and control systems. In this part, technologies such as authentication and authorisation, firewalls, VPN, smart cards, ... are discussed. Authentication is the process of positively recognising users, devices, applications, resources, data files, ... Authentication can take place by means of something that has to be remembered (PIN code, password, ...), something that is possessed (key, dongle, ...) or something physical (fingerprint, ...). A distinction must also be made between two different kinds of authentication: user authentication and network service authentication.

Part 2 (ANSI/ISA report TR99.00.02-2004)
Originally the second part had the title 'Integrating Electronic Security into the Manufacturing and Control Systems Environment'. The original part 2 and part 3 have now been merged into part 2, which will consist of two elements. The first, ISA 99 part 2.00.01, is ready and has the title 'Establishing an Industrial Automation and Control Systems Security Program'. It is meant to support companies in setting up a security management plan; the basis of such a plan is to map out all possible risks and then to formulate a number of solutions. ISA 99 part 2.00.02 will describe how such a security plan has to be executed. At the moment two parts are available; the last version dates from 29 October 2007.

Part 4
The requirements that equipment and systems have to meet in order to comply with the ISA 99 standard are described in part 4.

9.3.6
A security programme
The elaboration of a security plan is more than just thinking of technical solutions such as firewalls and encryption of data. Various human factors contribute to a successful implementation of a CSMS (Cyber Security Management System). Points of attention that can result in a successful integration:
• security management has to fit completely within the company policy;
• the security programme has to fit within the corporate culture;
• support and commitment from the company management;
• clear budgeting of security management actions;
• separation of responsibilities: if the person in charge of production is also responsible for security, then security often comes second;
• organise activities and training for all employees;
• distribute guidelines among all employees;
• ...

9.4
Security in practice
Security actually means protecting the machine, the production or the process against certain human activities. Human activities can, intentionally or not, cause a production standstill, for example. It is not one single rule but a number of concepts that have to be followed to ensure that human errors are minimised and that persons with malicious intentions are deterred from misusing the available data. Security on the work floor can be integrated at different levels.

9.4.1
Layer 1 security
A first step towards a well-secured network is the mechanical securing of the network cables. Locking clips should be used to prevent easy removal of network cables from a network port. Access to the free RJ45 ports of the different switches should be limited mechanically. Figure 9.5 shows the option to block unused ports or to lock Ethernet connectors in place.

Figure 9.5: Layer 1 security

9.4.2
Layer 2 security
A second step in securing a network is to use the available software to control the switches. Switches have to provide the option to set some important security features:
• Web-based management has to be protected by a password.
• Switches should have the option to set different security settings per port. A list of authorised MAC addresses has to be set per port in order to prevent access by unauthorised participants.
• An option should be available to allocate different rights (read-only or read-write access) on the basis of IP addresses.
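The three switch features listed above (password-protected management, a per-port list of authorised MAC addresses, and read-only or read-write rights per IP range), simulated in Python as an added example; this is not the chapter's own code or any vendor's switch firmware. The port numbers, MAC addresses, IP ranges and the password are constructed, and the violation behaviour (port shut down until an operator clears it) is one common choice, not the only one.

```python
"""Layer 2 switch security, simulated (added example, constructed data).

ManagedSwitch models: a password for web management stored as a salted
PBKDF2 hash, a per-port MAC allow-list that err-disables the port on a
violation, and read-only / read-write management rights per IP network.
"""
import hashlib
import hmac
import ipaddress
import os

PBKDF2_ROUNDS = 50_000


class ManagedSwitch:
    def __init__(self, mgmt_password, ip_rights):
        self._salt = os.urandom(16)
        self._pw_hash = hashlib.pbkdf2_hmac("sha256", mgmt_password.encode(), self._salt, PBKDF2_ROUNDS)
        # "rw" or "ro" per management network; anything else is refused
        self._ip_rights = {ipaddress.ip_network(net): right for net, right in ip_rights.items()}
        self._ports = {}            # port number -> set of authorised MACs; absent = unrestricted
        self._shutdown = set()      # ports err-disabled after a violation
        self.log = []

    def set_port_security(self, port, macs):
        """Configure the authorised MAC addresses for one port."""
        self._ports[port] = {m.lower() for m in macs}

    def ingress(self, port, src_mac):
        """Decide on a frame arriving on port from src_mac: 'FORWARD' or 'DROP'."""
        src_mac = src_mac.lower()
        if port in self._shutdown:
            return "DROP"
        allowed = self._ports.get(port)
        if allowed is not None and src_mac not in allowed:
            self._shutdown.add(port)    # violation: port stays down until cleared
            self.log.append(f"port {port}: unauthorised MAC {src_mac}, port shut down")
            return "DROP"
        return "FORWARD"

    def clear_violation(self, port):
        """Operator action that brings an err-disabled port back up."""
        self._shutdown.discard(port)

    def management(self, src_ip, password, action):
        """Web management request; action is 'read' or 'write'. Returns 'OK' or 'DENY:<reason>'."""
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, PBKDF2_ROUNDS)
        if not hmac.compare_digest(candidate, self._pw_hash):
            return "DENY:password"
        addr = ipaddress.ip_address(src_ip)
        right = next((r for net, r in self._ip_rights.items() if addr in net), None)
        if right is None:
            return "DENY:ip"
        if action == "write" and right != "rw":
            return "DENY:read-only"
        return "OK"


def run_demo():
    """Constructed scenario: a cell switch with a PLC on port 1, an HMI on port 2."""
    sw = ManagedSwitch("correct horse", {"192.168.10.0/24": "rw",   # engineering / SCADA network
                                          "10.1.0.0/16": "ro"})      # office network may only read
    sw.set_port_security(1, ["00:1b:1b:aa:bb:01"])   # constructed PLC MAC
    sw.set_port_security(2, ["00:1b:1b:aa:bb:02"])   # constructed HMI MAC
    return {
        "plc_on_port1": sw.ingress(1, "00:1B:1B:AA:BB:01"),
        "laptop_on_port1": sw.ingress(1, "3c:52:82:00:00:99"),   # visitor's laptop on the PLC port
        "plc_after_violation": sw.ingress(1, "00:1b:1b:aa:bb:01"),
        "hmi_on_port2": sw.ingress(2, "00:1b:1b:aa:bb:02"),
        "uplink_port24": sw.ingress(24, "3c:52:82:00:00:99"),    # no list configured on the uplink
        "engineer_write": sw.management("192.168.10.5", "correct horse", "write"),
        "office_read": sw.management("10.1.4.20", "correct horse", "read"),
        "office_write": sw.management("10.1.4.20", "correct horse", "write"),
        "bad_password": sw.management("192.168.10.5", "guess", "read"),
        "outsider": sw.management("203.0.113.9", "correct horse", "read"),
    }


if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(f"{case:22s} {verdict}")
```

Note the consequence of the shutdown policy in the third case: after the visitor's laptop was plugged into port 1, the genuine PLC is cut off as well until an operator clears the port. On a production line that is a deliberate trade of availability for certainty, and it must be agreed with the production department beforehand; the uplink case shows why every port, not just the obvious ones, needs a list.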
9.4.3
Layer 3 security
The most important step when securing an automation network is the separation of the different segments by a security module. A security module is a router with the following options:
• NAT and 1:1 NAT: the application of NAT ensures the translation of IP addresses. This makes it more difficult for an outsider to find out the IP addressing applied on the network.